Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

ComboFix log [Solved]


  • This topic is locked This topic is locked

#1
LorPio

LorPio

    Member

  • Member
  • PipPip
  • 11 posts
Hi, my name is Lorenzo. I'm using a Pavilion notebook running win7 x64. Recently i had trouble with a PUP.bProtector infection. This is ComboFix log, hope everything is fine.

ComboFix 12-11-06.03 - Lore 07/11/2012 13:52:32.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.39.1040.18.4023.2621 [GMT 1:00]
Eseguito da: c:\users\Lore\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Creati Da 2012-10-07 al 2012-11-07 )))))))))))))))))))))))))))))))))))
.
.
2012-11-07 12:38 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1EEBB573-6C6B-4F7D-B064-96866512C81B}\mpengine.dll
2012-11-07 12:08 . 2012-11-07 12:08 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2012-11-06 18:16 . 2012-11-06 18:16 -------- d-----w- c:\users\Lore\AppData\Roaming\QuickScan
2012-11-05 15:06 . 2012-11-07 12:28 -------- d-----w- c:\users\Lore\AppData\Roaming\Anvisoft
2012-11-05 15:06 . 2012-11-05 15:06 -------- d-----w- c:\programdata\Anvisoft
2012-11-05 15:06 . 2012-11-07 12:28 -------- d-----w- c:\program files (x86)\Anvisoft
2012-11-05 13:59 . 2012-11-05 15:06 -------- d-----w- c:\program files\Enigma Software Group
2012-11-05 13:58 . 2012-11-05 15:05 -------- d-----w- c:\windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2012-11-05 13:50 . 2012-11-05 13:50 -------- d-----w- c:\users\Lore\AppData\Roaming\SpeedyPC Software
2012-11-05 13:50 . 2012-11-05 13:50 -------- d-----w- c:\users\Lore\AppData\Roaming\DriverCure
2012-11-05 13:50 . 2012-11-05 15:07 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-29 08:41 . 2012-10-29 08:41 -------- d-----w- c:\program files\Defraggler
2012-10-27 09:07 . 2012-10-27 09:07 -------- d-----w- c:\programdata\AVS4YOU
2012-10-27 08:28 . 2012-10-27 09:03 -------- d-----w- c:\users\Lore\AppData\Roaming\GlarySoft
2012-10-22 12:30 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-16 11:23 . 2012-10-16 11:23 -------- d-----w- c:\program files\7-Zip
2012-10-14 07:56 . 2012-10-14 07:56 -------- d-----w- c:\windows\ShellNew
2012-10-14 07:55 . 2012-10-14 07:56 -------- d-----w- c:\program files (x86)\LibreOffice 3.5
2012-10-13 11:47 . 2012-10-26 16:35 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-13 11:47 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-12 15:53 . 2012-10-12 15:53 -------- d-----w- c:\users\Lore\AppData\Roaming\CrystalIdea Software
2012-10-10 19:57 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 19:57 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 19:57 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 19:57 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 19:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 19:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 19:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 19:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 19:54 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 19:54 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 19:54 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 19:54 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 19:54 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 19:54 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 19:54 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 19:54 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 20:05 . 2010-03-17 14:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 14:11 . 2012-09-26 11:53 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 14:11 . 2011-06-01 21:03 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 07:38 . 2010-07-29 11:35 1656 ----a-w- c:\windows\system32\ASOROSet.bin
2012-09-27 06:11 . 2012-09-11 08:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-09-14 19:53 . 2012-09-14 19:53 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-09-12 07:35 . 2012-09-12 07:35 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-09-12 07:35 . 2012-09-12 07:35 4720704 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-09-12 07:35 . 2012-09-12 07:35 3905848 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-09-12 07:35 . 2012-09-12 07:35 3571512 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-09-12 07:35 . 2010-01-29 00:22 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-09-11 08:45 . 2012-09-11 08:45 53248 ----a-r- c:\users\Lore\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-09-10 15:18 . 2012-06-06 22:10 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-10 15:18 . 2010-04-21 14:54 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-10 15:07 . 2012-09-10 15:07 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-10 15:07 . 2012-09-10 15:07 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-10 15:07 . 2012-07-20 20:01 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-10 15:07 . 2012-07-20 20:01 1034216 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-10 15:07 . 2010-01-09 00:32 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-10 15:07 . 2010-01-09 00:32 188904 ----a-w- c:\windows\system32\java.exe
2012-09-10 14:52 . 2012-09-10 14:52 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-08-24 11:15 . 2012-09-22 12:45 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-22 12:45 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-22 12:45 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-22 12:45 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-22 12:45 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-22 12:45 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-22 12:45 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-22 12:45 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-22 12:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-22 12:45 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-22 12:45 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-22 12:45 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-22 12:45 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-22 12:45 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-22 12:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-22 12:45 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-22 12:45 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-22 12:45 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-22 12:45 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-22 12:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-22 12:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-22 12:45 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-12 05:19 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 05:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 05:19 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 05:19 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 08:33 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:38 . 2012-10-10 19:56 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~3\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"WirelessAssistant"=c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" /run
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Corel File Shell Monitor"=c:\program files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
.
R3 7ByteIo;7ByteIo;c:\program files (x86)\Hot CPU Tester Pro 4 LE\SysInfoX64.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*Deregistered* - asdrs
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-11-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 14:11]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 15:20]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-28 15:20]
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1001Core.job
- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 13:29]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1001UA.job
- c:\users\Lorenzo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-04 13:29]
.
2012-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1004Core.job
- c:\users\Lore\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 12:25]
.
2012-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1004UA.job
- c:\users\Lore\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-28 12:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Lore\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-12-22 445368]
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_4&babsrc=HP_ss&mntrId=8acc3162000000000000c417fe195bfe
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{50E4BE42-8E7B-496F-AF33-B1979F3ADD22}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{5CCA819E-544A-4983-AACE-5111B015415F}: NameServer = 192.168.0.1
TCP: Interfaces\{B9AB24AA-779C-44C1-B741-527439496312}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{FFA1F136-AB76-4D39-BAAB-4D3BA7C959A5}\64962756E6A75675966496: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-09-19 08:18; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-22 16:08; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - ExtSQL: 2012-10-03 10:09; {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}; c:\users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - ExtSQL: 2012-10-05 13:46; artur.dubovoy@gmail.com; c:\users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2012-10-11 08:16; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - ExtSQL: 2012-11-07 12:48; browserprotect@browserprotect.com; c:\users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\browserprotect@browserprotect.com.xpi
.
.
------- Associazioni dei file -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
SafeBoot-25087223.sys
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{9999A076-A9E2-4C99-8A2B-632FC9429223}"=hex:51,66,7a,6c,4c,1d,38,12,18,a3,8a,
9d,d0,e7,f7,09,f5,3d,20,6f,cc,1c,d6,37
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:15,23,6d,73,bc,90,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,7f,47,d8,9c,e0,7a,4f,ae,57,cc,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,7f,47,d8,9c,e0,7a,4f,ae,57,cc,\
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\:*eh
W*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\:*eh
W*\Settings]
@Class="REG_NONE"
"last_activation_day"="169"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*eP3*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*eP3*\Settings]
@Class="REG_NONE"
"last_activation_day"="169"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*e4*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*e4*\Settings]
@Class="REG_NONE"
"last_activation_day"="169"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*j8r9*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*j8r9*\Settings]
@Class="REG_NONE"
"last_activation_day"="169"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*s`S*]
@Class="REG_NONE"
.
[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\McNeel\Rhinoceros\4.0\Scheme: Default\Plug-ins\*s`S*\Settings]
@Class="REG_NONE"
"last_activation_day"="169"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2012-11-07 14:01:03
ComboFix-quarantined-files.txt 2012-11-07 13:01
ComboFix2.txt 2012-09-14 19:49
.
Pre-Run: 382.361.972.736 byte disponibili
Post-Run: 381.622.362.112 byte disponibili
.
- - End Of File - - 17179D1242EAEE1C44B6CA9718323165
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hello LorPio and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Hi,
Sorry for the delay -
Do you still need assistance?
If so, please do the following:
Step
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2
Download OTL to your Desktop

  • Right click on the icon and select Run as administrator to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 3
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

In your next reply I would like to see:
  • checkup.txt file from security check
  • OTL log file and extras.txt
  • any RKreport.txt files

  • 0

#3
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Thank you for replying me. I know i'm in good hands now.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.65.1.1000
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities Language Pack (it-IT)
TuneUp Utilities 2013
MyPcCleaner versione 1.0
JavaFX 2.1.1
Java™ 6 Update 18
Java™ 6 Update 20
Java™ 6 Update 22
Java™ 6 Update 35
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Anvisoft Anvi Smart Defender ASDSrv.exe
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

OTL:

OTL logfile created on: 15/11/2012 21:46:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lore\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,12% Memory free
7,86 Gb Paging File | 6,04 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,87 Gb Total Space | 341,02 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
Drive D: | 16,59 Gb Total Space | 2,70 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 92,44 Mb Free Space | 93,35% Space Free | Partition Type: FAT32

Computer Name: HPPAVILION | User Name: Lore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/15 21:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lore\Desktop\OTL.exe
PRC - [2012/11/14 18:33:42 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012/08/23 11:42:50 | 000,686,896 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
PRC - [2009/10/05 23:08:42 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\QtWebKit\qmlwebkitplugin4.dll
MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2009/10/05 23:08:38 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/02/01 13:45:34 | 006,159,656 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\SysNative\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2009/11/23 14:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2012/11/14 18:33:42 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012/11/08 12:39:19 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/27 09:56:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/11 10:13:48 | 002,365,792 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/08/23 11:42:50 | 000,686,896 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
SRV - [2012/08/01 15:07:16 | 000,724,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/15 11:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/03/12 22:39:18 | 000,314,880 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Programmi\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011/11/29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/09/27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programmi\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2010/04/21 17:40:53 | 000,077,944 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/23 14:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Disabled | Stopped] -- C:\Programmi\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Programmi\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/22 18:35:52 | 000,103,808 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 18:34:45 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/11/14 18:34:44 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/11/08 11:31:50 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/11/08 11:31:50 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/09/12 08:35:22 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/08/20 10:23:36 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
DRV:64bit: - [2012/08/20 10:23:36 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
DRV:64bit: - [2012/08/20 10:23:36 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/27 14:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/18 11:09:19 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/06/06 18:05:30 | 000,174,200 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2012/04/18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/15 19:12:20 | 000,426,768 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/03/15 19:12:18 | 000,021,264 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/03/12 22:39:18 | 000,536,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/09 16:28:20 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2012/01/09 16:28:20 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/01/09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/01/09 16:28:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012/01/09 16:28:18 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/11/30 14:53:24 | 000,026,200 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2011/11/29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/09/02 07:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/09/02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/05/18 12:50:02 | 000,058,368 | ---- | M] (GenesysLogic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GeneStor.sys -- (GeneStor)
DRV:64bit: - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/02/27 06:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/24 13:32:24 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/12/25 13:09:36 | 000,076,112 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/11/27 16:45:06 | 000,295,424 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/10/14 18:08:34 | 000,036,760 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/29 08:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008/06/27 06:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/02/16 20:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2012/09/18 16:02:02 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/09/02 08:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0C4FC2B7-A72E-4CD5-9311-23C0DA9D7D25}
IE:64bit: - HKLM\..\SearchScopes\{0C4FC2B7-A72E-4CD5-9311-23C0DA9D7D25}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCON/6
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0C4FC2B7-A72E-4CD5-9311-23C0DA9D7D25}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000c417fe195bfe
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000c417fe195bfe
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c417fe195bfe
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "http://www.google.com/search"
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: artur.dubovoy@gmail.com:3.7.6
FF - prefs.js..extensions.enabledAddons: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: anti_banner@kaspersky.com:13.0.1.4190
FF - prefs.js..network.proxy.type: 4
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Lore\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Lore\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\emoticoons-toolbar@emoticoons.com: C:\Users\Public\Documents\Emoticoons\emoticoons-toolbar@emoticoons.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/09/22 15:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012/11/08 11:14:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012/11/08 11:14:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012/11/08 11:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012/11/08 11:14:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012/11/08 11:14:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 13:27:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/10/11 07:15:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/12 13:27:27 | 000,000,000 | ---D | M]

[2012/09/19 07:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lore\AppData\Roaming\mozilla\Extensions
[2012/11/07 12:48:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lore\AppData\Roaming\mozilla\Firefox\Profiles\iay7jgac.default\extensions
[2012/10/03 09:09:12 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Lore\AppData\Roaming\mozilla\Firefox\Profiles\iay7jgac.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/10/18 15:07:57 | 000,221,098 | ---- | M] () (No name found) -- C:\Users\Lore\AppData\Roaming\mozilla\firefox\profiles\iay7jgac.default\extensions\artur.dubovoy@gmail.com.xpi
[2012/11/07 12:48:35 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Lore\AppData\Roaming\mozilla\firefox\profiles\iay7jgac.default\extensions\browserprotect@browserprotect.com.xpi
[2012/09/19 07:18:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Lore\AppData\Roaming\mozilla\firefox\profiles\iay7jgac.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/10/27 09:56:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/08 11:14:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 2013\FFEXT\ANTI_BANNER@KASPERSKY.COM
[2012/10/27 09:56:54 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/06 02:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/14 19:56:13 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: https://www.google.it/
CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = https://duckduckgo.c...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: https://www.google.it/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Lore\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Lore\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Lore\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Wajam (Enabled) = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\plugins/PriamNPAPI.dll
CHR - plugin: Application Manager (Enabled) = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\spext.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: MeasureIt! = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: WOT = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.7_0\
CHR - Extension: WOT = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.9_0\
CHR - Extension: YouTube = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_2\
CHR - Extension: Ricerca Google = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_2\
CHR - Extension: Controllo URL Kaspersky = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Extension Automation = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghopjgdkodchjclkkfdekhjfomdbakkb\1.1.2_0\
CHR - Extension: AdBlock = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: Safe Money = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Blocco contenuto = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Tastiera Virtuale = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\
CHR - Extension: Wajam = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.24_0\
CHR - Extension: Better Pop Up Blocker = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Settings Protector = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0_0\
CHR - Extension: Google Reader = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: Anti-Banner = C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2011/01/27 14:00:57 | 000,001,211 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Programmi\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9:64bit: - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Tastiera Virtuale - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_07)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50E4BE42-8E7B-496F-AF33-B1979F3ADD22}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CCA819E-544A-4983-AACE-5111B015415F}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9AB24AA-779C-44C1-B741-527439496312}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFA1F136-AB76-4D39-BAAB-4D3BA7C959A5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\PROGRA~3\BROWSE~1\23787~1.43\{16CDF~1\browsemngr.dll) - c:\ProgramData\Browser Manager\2.3.787.43\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programmi\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/05 14:59:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/15 21:37:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lore\Desktop\OTL.exe
[2012/11/11 18:07:01 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012/11/11 18:06:58 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012/11/11 18:06:58 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012/11/11 18:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2012/11/11 18:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013
[2012/11/11 18:05:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012/11/11 17:44:30 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
[2012/11/11 17:44:30 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
[2012/11/11 16:11:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2012/11/11 15:55:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012/11/11 15:55:31 | 000,000,000 | ---D | C] -- C:\Windows\ShellNew
[2012/11/08 11:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2012/11/08 11:14:35 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2012/11/08 11:14:12 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2012/11/08 11:14:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/11/08 11:13:51 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/11/08 11:13:51 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2012/11/08 11:01:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/11/08 11:01:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/08 11:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/07 18:12:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/07 14:01:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/07 13:46:02 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Lore\Desktop\ComboFix.exe
[2012/11/06 19:16:12 | 000,000,000 | ---D | C] -- C:\Users\Lore\AppData\Roaming\QuickScan
[2012/11/06 07:29:18 | 000,000,000 | ---D | C] -- C:\Users\Lore\Documents\Anti-Malware
[2012/11/05 16:06:50 | 000,000,000 | ---D | C] -- C:\Users\Lore\AppData\Roaming\Anvisoft
[2012/11/05 16:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
[2012/11/05 16:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2012/11/05 16:06:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2012/11/05 14:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/11/05 14:50:48 | 000,000,000 | ---D | C] -- C:\Users\Lore\AppData\Roaming\SpeedyPC Software
[2012/11/05 14:50:48 | 000,000,000 | ---D | C] -- C:\Users\Lore\AppData\Roaming\DriverCure
[2012/11/05 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/10/29 09:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/10/27 10:07:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/10/27 09:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/10/27 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Lore\AppData\Roaming\GlarySoft
[2012/10/23 09:12:12 | 000,000,000 | ---D | C] -- C:\Users\Lore\Documents\My Downloads
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/15 21:41:22 | 000,673,280 | ---- | M] () -- C:\Users\Lore\Desktop\RogueKiller.exe
[2012/11/15 21:37:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lore\Desktop\OTL.exe
[2012/11/15 21:34:00 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1001UA.job
[2012/11/15 21:27:04 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1004UA.job
[2012/11/15 20:57:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/15 20:52:10 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/15 19:12:43 | 000,054,957 | ---- | M] () -- C:\Users\Lore\Desktop\capolettera.pdf
[2012/11/15 18:51:44 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLore.job
[2012/11/15 17:05:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1004Core.job
[2012/11/15 14:34:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1323424393-2790944153-2253339693-1001Core.job
[2012/11/15 08:57:00 | 000,001,142 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/15 07:52:52 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 07:52:52 | 000,023,248 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/15 07:51:29 | 001,654,670 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/15 07:51:29 | 000,739,482 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/11/15 07:51:29 | 000,652,376 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/15 07:51:29 | 000,146,522 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/11/15 07:51:29 | 000,121,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/15 07:44:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/14 18:34:45 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys
[2012/11/14 18:34:44 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2012/11/14 07:10:32 | 005,633,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/12 13:27:19 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/11 18:06:50 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Manutenzione in 1 clic.lnk
[2012/11/11 18:06:50 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012/11/11 17:44:30 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2012/11/11 15:55:39 | 000,001,088 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/11/08 12:08:06 | 000,002,484 | ---- | M] () -- C:\Users\Lore\Desktop\Google Chrome.lnk
[2012/11/08 11:31:50 | 000,029,528 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klmouflt.sys
[2012/11/08 11:31:50 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys
[2012/11/08 11:15:24 | 000,002,304 | ---- | M] () -- C:\Users\Lore\Desktop\Safe Money.lnk
[2012/11/08 11:14:36 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012/11/08 11:11:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/07 13:46:16 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Lore\Desktop\ComboFix.exe
[2012/11/05 20:44:03 | 000,002,052 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/05 14:59:17 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2012/11/04 22:18:24 | 000,021,485 | ---- | M] () -- C:\Users\Lore\Desktop\Architesi.pdf
[2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/29 09:41:04 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/26 21:19:05 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2012/10/26 20:31:45 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/26 17:35:03 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/15 21:41:17 | 000,673,280 | ---- | C] () -- C:\Users\Lore\Desktop\RogueKiller.exe
[2012/11/15 19:12:37 | 000,054,957 | ---- | C] () -- C:\Users\Lore\Desktop\capolettera.pdf
[2012/11/14 04:27:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 04:22:01 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/12 13:27:19 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/11/12 00:03:30 | 005,633,560 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 18:06:50 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Manutenzione in 1 clic.lnk
[2012/11/11 18:06:50 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2012/11/11 18:06:50 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2012/11/11 17:44:30 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
[2012/11/11 17:44:30 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
[2012/11/11 15:55:39 | 000,001,088 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/11/08 18:27:58 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForLore.job
[2012/11/08 11:15:24 | 000,002,304 | ---- | C] () -- C:\Users\Lore\Desktop\Safe Money.lnk
[2012/11/08 11:14:51 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2012/11/08 11:02:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/11/05 14:59:17 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2012/11/04 22:18:24 | 000,021,485 | ---- | C] () -- C:\Users\Lore\Desktop\Architesi.pdf
[2012/10/29 09:41:04 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2012/10/27 09:13:44 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS5.5.lnk
[2012/10/27 09:11:28 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012/10/27 09:10:34 | 000,001,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS5.5.lnk
[2012/10/26 21:19:05 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2012/10/26 21:19:05 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Content Viewer.lnk
[2012/10/26 18:08:47 | 000,001,317 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.exe.lnk
[2012/09/14 20:31:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/14 20:31:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/14 20:31:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/14 20:31:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/14 20:31:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/09/14 13:28:12 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/11 09:58:04 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\ustor.dll
[2012/09/11 09:58:04 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\UMonit.exe
[2012/09/11 09:55:30 | 000,172,097 | ---- | C] () -- C:\Windows\SysWow64\NoMSGuninstall.exe
[2012/09/11 09:55:30 | 000,000,840 | ---- | C] () -- C:\Windows\SysWow64\ProductName.ini
[2012/09/11 09:55:29 | 000,000,187 | ---- | C] () -- C:\Windows\SysWow64\IconCfg0.ini
[2012/07/22 13:50:27 | 000,001,456 | ---- | C] () -- C:\Users\Lore\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/06 09:11:18 | 000,004,055 | ---- | C] () -- C:\Users\Lore\AppData\Local\unins000.dat
[2012/06/18 12:35:53 | 000,034,764 | ---- | C] () -- C:\Users\Lore\AppData\Local\dt.dat
[2012/04/10 15:38:03 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/04/10 15:30:23 | 001,683,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/24 06:30:44 | 000,000,132 | ---- | C] () -- C:\Users\Lore\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/12/04 13:16:21 | 000,000,028 | ---- | C] () -- C:\Windows\v2d.INI
[2011/11/04 17:32:35 | 000,000,132 | ---- | C] () -- C:\Users\Lore\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/10/26 10:20:04 | 000,005,613 | ---- | C] () -- C:\Users\Lore\AppData\Local\Temp5.html
[2011/10/25 12:19:53 | 000,008,718 | ---- | C] () -- C:\Users\Lore\AppData\Local\Temp7.html
[2011/10/25 12:07:36 | 000,008,718 | ---- | C] () -- C:\Users\Lore\AppData\Local\Temp17.html
[2011/10/25 12:04:50 | 000,001,892 | ---- | C] () -- C:\Users\Lore\AppData\Local\Temp1.html
[2011/08/28 14:04:58 | 000,852,968 | ---- | C] () -- C:\Users\Lore\AppData\Local\census.cache
[2011/08/28 14:04:18 | 000,135,100 | ---- | C] () -- C:\Users\Lore\AppData\Local\ars.cache
[2011/08/28 13:56:10 | 000,000,036 | ---- | C] () -- C:\Users\Lore\AppData\Local\housecall.guid.cache
[2011/08/28 10:19:34 | 000,007,605 | ---- | C] () -- C:\Users\Lore\AppData\Local\Resmon.ResmonCfg
[2011/07/29 16:55:37 | 000,003,584 | ---- | C] () -- C:\Users\Lore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 09:18:12 | 000,000,132 | ---- | C] () -- C:\Users\Lore\AppData\Roaming\Adobe BMP Format CS5 Prefs

========== ZeroAccess Check ==========

[2012/09/20 17:20:32 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/11 17:44:56 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Anvisoft
[2012/09/01 12:48:38 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Autodesk
[2012/01/05 19:32:12 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\AVG2012
[2012/09/18 20:30:49 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Babylon
[2011/03/05 15:30:08 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Canon
[2012/07/16 19:25:14 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/03/03 22:52:34 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\CheckPoint
[2012/01/31 21:57:59 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/10/12 16:53:32 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\CrystalIdea Software
[2012/09/18 20:28:06 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\DAEMON Tools Pro
[2012/11/05 14:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\DriverCure
[2012/09/14 14:10:27 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\driveridentifier
[2012/10/27 09:54:50 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Dropbox
[2012/09/11 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Easeware
[2012/02/07 12:47:06 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\GardenGnomeSoftware
[2012/10/27 10:03:11 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\GlarySoft
[2012/02/03 19:35:18 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\HDRsoft
[2012/09/11 09:45:45 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Leadertech
[2012/07/16 09:48:48 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\LibreOffice
[2011/03/07 13:51:07 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Luxology
[2012/08/14 17:19:39 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Nokia
[2012/08/14 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Nokia Suite
[2012/07/22 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Notepad++
[2011/03/04 14:45:26 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\OpenOffice.org
[2011/07/29 16:13:26 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\PC Suite
[2012/09/14 16:10:43 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\PowerISO
[2012/09/14 17:25:30 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Probit Software
[2012/11/06 19:16:15 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\QuickScan
[2012/11/05 14:50:48 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\SpeedyPC Software
[2011/04/08 15:09:49 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/30 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Systweak
[2012/02/07 14:34:51 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Thinstall
[2012/11/11 18:06:28 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\TuneUp Software
[2012/01/24 01:19:45 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\TypeDNA-FontManager.7DD754936347AC45CE70988FE6EE6CC92F266EC1.1
[2012/11/15 19:09:52 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\uTorrent
[2011/04/12 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\xrecode2
[2010/03/21 16:16:54 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Ambient Design
[2010/12/09 19:59:39 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Autodesk
[2012/10/27 09:52:20 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Canon
[2010/10/10 20:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\CheckPoint
[2010/05/01 11:30:13 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/05 10:13:22 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\com.gugga.inTouch.5F38BFD43016A92ECF6B8272C407E5E3E2F4A2AF.1
[2011/02/07 10:29:45 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\com.levitation.ColorBrowser.E8C85B0D1658562C6BF4EE77663EB3C86B87123C.1
[2012/10/27 09:52:20 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\DAEMON Tools Lite
[2012/10/27 09:52:20 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Dropbox
[2010/05/17 18:43:05 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\GlarySoft
[2010/06/23 14:06:29 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Luxology
[2010/05/15 21:21:28 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\OpenOffice.org
[2010/10/11 17:36:19 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\SuperAdBlocker.com
[2010/07/05 10:33:14 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Thunderbird
[2010/10/10 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\TuneUp Software
[2010/07/29 10:53:00 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\Uniblue
[2011/05/13 09:48:14 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\uTorrent
[2010/04/23 10:35:26 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\widestream
[2010/03/18 15:23:00 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\ZipGenius
[2010/03/21 16:19:52 | 000,000,000 | ---D | M] -- C:\Users\Lorenzo\AppData\Roaming\_MDLogs

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 14:25:40 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 14:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/02 06:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/02 05:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 14:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 13:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 07:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 14:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 12:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 14:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 14:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 14:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 07:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 14:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 14:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 13:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 14:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 14:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 13:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 14:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 14:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 14:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV:64bit: - [2010/11/20 14:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 14:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 14:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 13:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 14:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 14:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2010/01/09 07:44:10 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/01/09 07:44:10 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/01/09 07:44:10 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/01/09 07:44:10 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\erdnt\cache64\qmgr.dll
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 14:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[2009/07/14 02:41:53 | 000,848,384 | ---- | M] (Microsoft Corporation) MD5=7F0C323FE3DA28AA4AA1BDA3F575707F -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_7f85b69413231233\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.AIP >
[2010/04/07 20:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.ASFX >
[2010/10/25 14:15:46 | 000,000,230 | ---- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\fr_FR\Services\Services.asfx
[2012/07/27 21:51:42 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2010/10/25 14:15:46 | 000,000,231 | ---- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Locale\de_DE\Services\Services.asfx

< MD5 for: SERVICES.CFG >
[2012/07/27 21:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/10/25 14:13:46 | 000,032,633 | ---- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Services\Services.cfg

< MD5 for: SERVICES.DAT >
[2012/10/17 00:07:39 | 000,010,240 | ---- | M] () MD5=7814834A37AB14614D8A4913E1ACC378 -- C:\Users\Lore\AppData\Roaming\Adobe\Acrobat\10.0\Security\services.dat

< MD5 for: SERVICES.EXE >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/01/09 07:39:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\SysNative\it-IT\services.exe.mui
[2010/01/09 07:39:16 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=2DB09CB5CC5E025D1381123F00AAA71D -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/01/09 07:39:30 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysNative\it-IT\services.msc
[2010/01/09 07:39:19 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\SysWOW64\it-IT\services.msc
[2010/01/09 07:39:30 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_8cded1d3e03abbe0\services.msc
[2010/01/09 07:39:19 | 000,092,755 | ---- | M] () MD5=1452B2812DA789ABB1998CB07F97524A -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_it-it_30c0365027dd4aaa\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RDB >
[2012/10/03 09:05:58 | 000,008,060 | ---- | M] () MD5=365F626303EBC6DB5DCA7BBC4FAE0564 -- C:\Program Files (x86)\LibreOffice 3.5\URE\misc\services.rdb
[2012/10/04 00:22:12 | 000,180,201 | ---- | M] () MD5=FB73C2F46884319721B2BBA533490429 -- C:\Program Files (x86)\LibreOffice 3.5\program\services\services.rdb

< MD5 for: SERVICES.TICO >
[2009/09/25 14:00:00 | 000,002,038 | ---- | M] () MD5=D669B1B2EBE288A61680C3C863828D28 -- C:\Program Files (x86)\TuneUp Utilities 2013\data\services.tico

< MD5 for: SVCHOST.EXE >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\erdnt\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< End of report >

Extras.txt :
OTL Extras logfile created on: 15/11/2012 21:46:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lore\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,93 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 65,12% Memory free
7,86 Gb Paging File | 6,04 Gb Available in Paging File | 76,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,87 Gb Total Space | 341,02 Gb Free Space | 75,97% Space Free | Partition Type: NTFS
Drive D: | 16,59 Gb Total Space | 2,70 Gb Free Space | 16,29% Space Free | Partition Type: NTFS
Drive E: | 99,02 Mb Total Space | 92,44 Mb Free Space | 93,35% Space Free | Partition Type: FAT32

Computer Name: HPPAVILION | User Name: Lore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{086235B5-626C-4F9A-AC9B-D1B1AF8113D8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0C96ACFB-DCBF-40C5-8910-FD305A5CEF9E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{0D841358-F13D-47D3-88C5-D53E13A07D05}" = lport=445 | protocol=6 | dir=in | app=system |
"{166419F0-B586-46E3-BEF5-BB9956DB8713}" = rport=445 | protocol=6 | dir=out | app=system |
"{17F94900-0B62-42F2-9646-CAE3F12EE0B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19BD6CF9-C31A-4939-8DEA-088E8FEB7B02}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1C5E98ED-4592-4960-A38E-CC944756B02F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{24B5A6C0-69BA-4847-A4A6-5F687A9D108D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{26A30D93-7FA5-4EDB-8F93-246E522F4F8F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{28255844-0832-4B9E-B3E4-7223A101952D}" = lport=139 | protocol=6 | dir=in | app=system |
"{282E79A3-6F35-451D-B601-08A335DB4785}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{5FEDBE0D-A422-464B-BCF8-8BD3AF4907B6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7692D34B-D499-44A4-BD6F-D2835D673120}" = rport=139 | protocol=6 | dir=out | app=system |
"{827376BB-0539-44A9-8F54-BA853DB3F039}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8CF476B2-6AAD-4FA5-8E86-4836B64FC459}" = rport=10243 | protocol=6 | dir=out | app=system |
"{92F942B1-5A33-4764-806E-4D92B086F307}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{93DBCB6F-9862-402D-98E9-B3332F629751}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{98F0E228-D0C9-45BA-A2CF-D23EF7EF3EFA}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{A1AD8B32-CCF3-46EA-ACD8-60F0E2FD043B}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{A1FD09C4-9C8D-4AF8-9242-A6B04003EC52}" = rport=137 | protocol=17 | dir=out | app=system |
"{A659C6EB-8495-491C-A737-6D4E7E59D246}" = rport=138 | protocol=17 | dir=out | app=system |
"{C5FAF454-D21B-4B90-942C-EAC9091730E1}" = lport=138 | protocol=17 | dir=in | app=system |
"{CA59DBD9-B9BA-40AD-BCC9-2B2DF2D34AEB}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{CB49D10C-A485-4430-98A1-F7D99B3380B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D27251A4-62C7-4116-880C-A5FB56423827}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5BEB8E7-C7F0-4FA1-A4EB-71B1C6E17251}" = lport=137 | protocol=17 | dir=in | app=system |
"{FB11ECF5-4BF1-4255-BF48-F1D193D40D94}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0572B318-156F-4D83-B117-29CE60A0D236}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0AD60A39-99B3-4B42-B100-17059CBB8A42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{161982DC-28E0-4906-A643-514CE79D3A4A}" = protocol=6 | dir=out | app=system |
"{178D5FDB-DB8B-4ED3-8E8D-1CA572164CB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{197308E6-C4C3-4E5B-8101-F76F31CC582E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{1A053FD7-B0C5-453B-B140-2AA6D145E835}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{236D8CC4-BD21-4799-BFCC-D48A6BA97997}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{295453AB-431D-4775-98BB-C436D0B73670}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
"{30266B99-F8A5-411F-B278-8A12B42FB8EB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35B9A3E3-95E7-43CF-A1A4-16A1668F90BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{35F54229-40A2-4F26-9794-024C071D8015}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3644DA8D-0F51-49C5-8603-89E80D720484}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{3E11449F-9402-4660-8C1B-DFCFE41FD0EB}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{40F840BA-A37B-4A4E-A599-3232840B4028}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{4484E090-5786-4D36-B708-4AC2D59E5BA1}" = protocol=6 | dir=in | app=c:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe |
"{46825174-670F-49E4-9CF4-5E93D4CA105A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{4EC2F099-C4F2-4CA6-98B7-E97C03600127}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{536EA08F-EFA6-4ED9-A181-B223C1D243F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{547932B6-33B2-4119-A8B7-9D456C432FAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55032874-D869-410A-BE5F-AA0E75A8EF27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{561278FA-84BD-4CEE-BE22-95DF9DFF6918}" = protocol=17 | dir=in | app=c:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe |
"{68A95C1C-9470-4AFB-A198-933EF7CDD253}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{81EB9C55-4D58-415A-9394-C8ECE8B70F0C}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{887124C2-5E20-43B4-A05E-61F31E0C61A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8A2A6F62-4B53-42B0-B1D8-5C4C84E8C06B}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{944CED6D-AE4D-47D1-A794-17C0B9837EAE}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{A43A7BB8-0940-4EE1-9D17-B05158FC6F6B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A45F8DD5-1991-43CD-A8ED-72894AFB972E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A510CF09-BEEA-4DC3-97E3-2071EAF83CE4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE1ECBB2-A4BC-4497-AA51-12FD0CEE6140}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{B1EFB55D-4935-485C-B23C-DB6DD0705150}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{BCAF9878-EF4B-4508-922E-825AC55F6D67}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD4EFD54-53A5-4EB8-B96B-33581DDBAF2E}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{C841A1C6-A050-4B96-920D-F00799EB0DA0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
"{D49309F1-EEDC-455D-A3EF-5CC7548518DD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D69B7703-13FC-4E04-90FE-2CE31B132BE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD700C94-8755-4375-9E64-72BF85995523}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{E10B804E-0181-475E-B1B6-F2FAF3D42A61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E8A94937-1727-4A24-B819-A47A7035D138}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA034DC7-8938-4E69-9F23-723F83741FB6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EA9A236C-9413-43F6-A99D-9D568AB10A02}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F4270366-CBBF-4744-ABD5-089F93DB1C54}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"TCP Query User{1516D350-099F-4275-9FEF-8A9FB505A86C}C:\users\lore\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lore\appdata\local\akamai\netsession_win.exe |
"TCP Query User{29036526-5FC7-48D9-8367-5991A2AC0D03}C:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{88F2483F-AC64-4B1B-B7E1-5B517A5AC79C}C:\users\lore\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\lore\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1DA8E7C5-19B1-44F4-927A-90FD9FCEB1EE}C:\users\lore\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lore\appdata\local\akamai\netsession_win.exe |
"UDP Query User{25163AC7-0D4B-4A89-9C7D-1C75D8D85447}C:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lore\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{BA778709-FA04-485F-951E-3497386C6813}C:\users\lore\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\lore\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01651F94-6956-4F93-8AFE-0A30DB230BDB}" = HP 3D DriveGuard
"{1111706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 (64-bit)
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{2222706F-666A-4037-7777-203648764D10}" = JavaFX 2.0.3 SDK (64-bit)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416035FF}" = Java™ 6 Update 35 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java™ SE Development Kit 6 Update 15 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0160350}" = Java™ SE Development Kit 6 Update 35 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3 (64-bit)
"{64A3A4F4-B792-11D6-A78A-00B0D0170070}" = Java SE Development Kit 7 Update 7 (64-bit)
"{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{89026002-A893-42D9-9E20-6829B844735E}" = Application Verifier (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{951E6223-AC28-345E-BCF4-B55C1267E321}" = Microsoft Windows SDK for Windows 7 Samples (30514)
"{9B57A772-BC72-3430-A198-46D48D4F1CCA}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{AB79B2CD-4555-4D3F-BC37-8948598223F2}" = runtime64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Driver audio HD 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Pacchetto driver Windows - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"9201E5BD02AE4540AF31E8A23F8E4A0A8FEFB31C" = ENE CIR Receiver Driver
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"sp6" = Logitech SetPoint 6.32
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{0215A652-E081-4B09-9333-DC85AAB67FFA}" = Adobe Dreamweaver CS5.5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DFFF131-8BA6-4236-850C-7279B9C446F1}" = LibreOffice 3.5
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{13C96625-28E4-4c58-ADE0-CDAFC64752EB}" = JMicron 1394 Filter Driver
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{248d327f-8554-45dc-b1af-78338dc97516}" = Nero Move it
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java™ 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3B69A712-4CBC-40B1-AE55-0203075FD093}" = Nokia Suite
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41c3b678-2c27-460e-ba5c-0cadcaf3130b}" = DTS Plug-in
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{691BD252-796D-4AE3-924C-C48A1CD4BEDF}" = OpenOffice.org 3.2
"{6d01d6ad-1ce6-46f6-9b22-72215ae22959}" = Gracenote Plug-in
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7390478C-8581-415E-92E9-2997D9306B81}" = PC Connectivity Solution
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{82c7f767-62da-40e8-bed1-a382dd11a790}" = mp3PRO Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D5088A9-4376-4765-B5E4-695AFFBA4F7A}" = TuneUp Utilities Language Pack (it-IT)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0c648d0-693b-42dd-975d-02b25695cc45}" = Nero MediaHome 4
"{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Franais, Deutsch
"{AC76BA86-7AD7-1040-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Italiano
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B51605BF-6326-4553-AE96-6D7F1813D5F5}" = HP User Guides 0154
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{b6fa7348-162f-493f-a6cb-8648680c923d}" = Nero BackItUp 4
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C71067FC-288F-4E0B-88C6-44DFDA8311E2}" = System Requirements Lab for Intel
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB7BD99D-8C39-5691-33FF-0B891AADED18}" = inTouch
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{dcaed3d2-0be5-4553-9c76-7f696787b59c}" = Blu-ray Disc Authoring Plug-in
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ECC0CADD-0491-4FB0-AAB8-5DC6C371890E}" = Rhinoceros 4.0 SR7
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Supporto applicazioni Apple
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Anvi Smart Defender" = Anvi Smart Defender 1.6
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"com.gugga.inTouch.5F38BFD43016A92ECF6B8272C407E5E3E2F4A2AF.1" = inTouch
"Guitar Pro 5_is1" = Guitar Pro 5.2
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nokia Suite" = Nokia Suite
"Notepad++" = Notepad++
"Pen Tablet Driver" = Bamboo
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"uTorrent" = Torrent
"VLC media player" = VLC media player 2.0.3
"Wacom Tablet Driver" = Tavoletta Wacom
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/11/2012 09:41:39 | Computer Name = HpPavilion | Source = SideBySide | ID = 16842827
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Errore nel
file manifesto o dei criteri "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
riga 2. Non sono consentiti pi elementi requestedPrivileges nel manifesto.

Error - 13/11/2012 02:41:32 | Computer Name = HpPavilion | Source = VSS | ID = 8193
Description =

Error - 13/11/2012 10:44:58 | Computer Name = HpPavilion | Source = SideBySide | ID = 16842827
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Errore nel
file manifesto o dei criteri "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
riga 2. Non sono consentiti pi elementi requestedPrivileges nel manifesto.

Error - 13/11/2012 23:21:34 | Computer Name = HpPavilion | Source = VSS | ID = 8193
Description =

Error - 14/11/2012 02:14:23 | Computer Name = HpPavilion | Source = VSS | ID = 8193
Description =

Error - 14/11/2012 05:50:45 | Computer Name = HpPavilion | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 16.0.2.4680 non interagisce pi
con Windows ed stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: 13d8 Ora di avvio: 01cdc23892dc2817 Ora di chiusura: 4430

Percorso
applicazione: C:\Program Files (x86)\Mozilla Firefox\firefox.exe ID segnalazione:
9a50398a-2e40-11e2-a667-ddbebf8583db

Error - 15/11/2012 04:46:52 | Computer Name = HpPavilion | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Illustrator.exe,
versione: 15.0.0.399, timestamp: 0x4bad3bbf Nome del modulo che ha generato l'errore:
AGM.dll, versione: 4.20.68.7602, timestamp: 0x4b980061 Codice eccezione: 0xc0000005
Offset
errore 0x002cce50 ID processo che ha generato l'errore: 0xd30 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cdc3060f4b0691 Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
Percorso
del modulo che ha generato l'errore: C:\Program Files (x86)\Adobe\Adobe Illustrator
CS5\Support Files\Contents\Windows\AGM.dll ID segnalazione: ffcd0a9f-2f00-11e2-8cf7-b934e9a0e8d5

Error - 15/11/2012 06:08:08 | Computer Name = HpPavilion | Source = SideBySide | ID = 16842827
Description = Generazione del contesto di attivazione non riuscita per "C:\Program
Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Errore nel
file manifesto o dei criteri "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe",
riga 2. Non sono consentiti pi elementi requestedPrivileges nel manifesto.

Error - 15/11/2012 07:10:03 | Computer Name = HpPavilion | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: Illustrator.exe,
versione: 15.0.0.399, timestamp: 0x4bad3bbf Nome del modulo che ha generato l'errore:
AGM.dll, versione: 4.20.68.7602, timestamp: 0x4b980061 Codice eccezione: 0xc0000005
Offset
errore 0x002cce50 ID processo che ha generato l'errore: 0x1338 Ora di avvio dell'applicazione
che ha generato l'errore: 0x01cdc30dc900541a Percorso dell'applicazione che ha generato
l'errore: C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe
Percorso
del modulo che ha generato l'errore: C:\Program Files (x86)\Adobe\Adobe Illustrator
CS5\Support Files\Contents\Windows\AGM.dll ID segnalazione: 00a7959f-2f15-11e2-8cf7-b934e9a0e8d5

Error - 15/11/2012 16:48:17 | Computer Name = HpPavilion | Source = VSS | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 08/05/2010 09:54:44 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 08/05/2010 09:54:45 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 04/06/2010 02:13:38 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Accesso negato System in System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) in n.c()

Error - 04/06/2010 02:15:46 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Accesso negato System in System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) in n.c()

Error - 04/07/2010 17:26:11 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 21/01/2011 15:53:25 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 21/01/2011 15:53:25 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 03/02/2011 13:11:50 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 03/02/2011 13:11:51 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

Error - 07/04/2011 12:16:56 | Computer Name = HpPavilion | Source = Hewlett-Packard | ID = 0
Description = it-IT Impossibile trovare il file 'C:\Program Files (x86)\Hewlett-Packard\HP
Support Framework\Logs\SystemInfoAA.xml'. mscorlib in System.IO.__Error.WinIOError(Int32
errorCode, String maybeFullPath) in System.IO.FileStream.Init(String path, FileMode
mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode mode,
FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
msgPath, Boolean bFromProxy) in System.IO.FileStream..ctor(String path, FileMode
mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

in System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
Int32 bufferSize) in System.IO.StreamReader..ctor(String path, Encoding encoding)

in System.IO.File.ReadAllText(String path, Encoding encoding) in n.a(Object
A_0, EventArgs A_1)

[ Media Center Events ]
Error - 23/07/2012 04:07:04 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 10:07:00 - Errore di connessione a Internet. 10:07:00 - Impossibile
contattare il server..

Error - 24/07/2012 04:52:05 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 10:52:05 - Errore di connessione a Internet. 10:52:05 - Impossibile
contattare il server..

Error - 24/07/2012 04:52:15 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 10:52:10 - Errore di connessione a Internet. 10:52:10 - Impossibile
contattare il server..

Error - 24/07/2012 06:52:58 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 12:52:53 - Impossibile recuperare Broadband (Errore: Connessione sottostante
chiusa: Errore imprevisto durante un'operazione di ricezione..)

Error - 24/07/2012 08:46:47 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 14:46:40 - Errore di connessione a Internet. 14:46:41 - Impossibile
contattare il server..

Error - 24/07/2012 09:47:39 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 15:47:08 - Errore di connessione a Internet. 15:47:08 - Impossibile
contattare il server..

Error - 25/07/2012 04:37:07 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 10:37:07 - Errore di connessione a Internet. 10:37:07 - Impossibile
contattare il server..

Error - 25/07/2012 04:37:26 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 10:37:13 - Errore di connessione a Internet. 10:37:13 - Impossibile
contattare il server..

Error - 30/07/2012 09:54:54 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 15:54:54 - Errore di connessione a Internet. 15:54:54 - Impossibile
contattare il server..

Error - 30/07/2012 09:55:03 | Computer Name = HpPavilion | Source = MCUpdate | ID = 0
Description = 15:54:59 - Errore di connessione a Internet. 15:54:59 - Impossibile
contattare il server..

[ System Events ]
Error - 15/11/2012 16:27:04 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:04 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:49 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:49 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:49 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:50 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:50 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:50 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:51 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.

Error - 15/11/2012 17:00:53 | Computer Name = HpPavilion | Source = Microsoft-Windows-DNS-Client | ID = 1012
Description = Errore durante il tentativo di lettura del file degli host locali.


< End of report >

RKreport:
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Lore [Admin rights]
Mode : Scan -- Date : 11/15/2012 22:10:34

Bad processes : 0

Registry Entries : 10
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{50E4BE42-8E7B-496F-AF33-B1979F3ADD22} : NameServer (176.31.229.24,176.31.229.25) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{B9AB24AA-779C-44C1-B741-527439496312} : NameServer (176.31.229.24,176.31.229.25) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{50E4BE42-8E7B-496F-AF33-B1979F3ADD22} : NameServer (176.31.229.24,176.31.229.25) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{B9AB24AA-779C-44C1-B741-527439496312} : NameServer (176.31.229.24,176.31.229.25) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] a4b16d4330d227ad6691321c387ad58f
[BSP] fe2c5f9259ea02958488d25f3653a56d : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 459644 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 941760512 | Size: 16992 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 2cf0b128e71abac0c7dd33f334cceafe
[BSP] fa37ad38ebaf60691bb97dcc455ea04f : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 409600 | Size: 69632 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 143015936 | Size: 25000 Mo
2 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 194215936 | Size: 600 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 195444736 | Size: 200 Mo

Finished : << RKreport[1]_S_11152012_02d2210.txt >>
RKreport[1]_S_11152012_02d2210.txt
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there-
Next time you post log files for me, please copy and paste them in just like you did with the combofix log. I pasted in the last set - makes it easier for me to research them. :)
I see a few things wrong and would like to remove them.

Programs to uninstall --
Please click on the Start Orb, select Control Panel and click Uninstall a program
In that list I would like you to uninstall these programs:
  • Java 6 Update 18
  • Java 6 Update 20
  • Java 6 Update 22
  • Java 6 Update 35
They are all older versions of Java and are vulnerable.

Now while you are in there, please consider removing these programs as well --
  • PCtuneup
  • pccleaner
  • ccleaner
  • Tuneup Utilities 2013
These programs all have features to "clean" or "optimize" the registry - this is never a good idea, cleaning the registry at best will do nothing, and at worst can break your computer to the point that it won't boot any more. At best, if you decide to keep them, please stay away from the registry cleaning features.

I don't know much about this program Anvi Smart Defender 1.6 - but I do believe that you will have to disable it while we are doing any fixes. I have read good and bad about it. For what it does do, I would replace it with the paid version of MalwareBytes, I know that is a quality product.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • utorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Finally, can you tell me what anti virus products you were using in the past, before you installed Kaspersky?

Now for the fix:
Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking on the icon and selecting Run as Administrator
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2645238
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://search.babylo...000c417fe195bfe
    IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...000c417fe195bfe
    IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000c417fe195bfe
    [2012/09/18 20:30:49 | 000,000,000 | ---D | M] -- C:\Users\Lore\AppData\Roaming\Babylon
    :commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner (by right clicking on the icon and selecting Run as Administrator) and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please post that

In your next reply I would like to see:
  • OTL fix log
  • ASWmbr log file
  • ADWCleaner log file
  • Answers to my questions
  • How is your computer running now?

  • 0

#5
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I need some additional help, i can't download ASWmbr.exe. My internet connection drops down while trying to download the file.
As a precaution i decided not to go to step 3.

I uninstalled Anvi Smart Defender. I'm thinking of get rid of the other programs but i'm not an expert user and i need them to keep my pc efficient (am i wrong?)
To answer your question: AdAware, AVG, Avast, Avira.

This is the log i got from OTL. I repeated it twice, because i made an error while copying the code("Error: Unable..."):

All processes killed
Error: Unable to interpret <Under the Custom Scans/Fixes box at the bottom, paste in the following> in the current context!
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Users\Lore\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lore
->Temp folder emptied: 29203315 bytes
->Temporary Internet Files folder emptied: 49073131 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 66109145 bytes
->Google Chrome cache emptied: 7295679 bytes
->Flash cache emptied: 57015 bytes

User: Lorenzo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2337947 bytes
->Java cache emptied: 29427239 bytes
->Google Chrome cache emptied: 347555204 bytes
->Flash cache emptied: 79500 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1715819 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62503513 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 700669 bytes
RecycleBin emptied: 366742823 bytes

Total Files Cleaned = 918,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_093045

Files\Folders moved on Reboot...
C:\Users\Lore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\BrowserMngr Start Page| /E : value set successfully!
HKU\S-1-5-21-1323424393-2790944153-2253339693-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1323424393-2790944153-2253339693-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Folder C:\Users\Lore\AppData\Roaming\Babylon\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Lore
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 12013083 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 602 bytes

User: Lorenzo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 304676 bytes

Total Files Cleaned = 12,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11172012_094119

Files\Folders moved on Reboot...
C:\Users\Lore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi there-
Please do go ahead with ADWcleaner, I will put the instructions in this post.
All of those programs I recommended that you uninstall are not doing anything positive for your computer, and they might even be the cause of some of your issues. I personally stay far away from any program that claims to clean or optimize the registry.
If you don't want to uninstall them, that's ok, but please don't use them while we are fixing the machine.

First off I would like you to run the removal tools for all of the old anti virus programs you used. They usually leave parts behind that can confilct with each other, and your current anti virus.

Step 1
Please download the AVG removal tool from here, download it to your desktop, then right click on the icon and select Run as Administrator. The program may or may not require you to restart your computer, please do so.

Next, please download the avast! removal tool from here, download it to your desktop but don't run it yet.
  • Restart Windows in Safe Mode
  • Now run aswclear.exe
  • If you installed avast! in a different folder than the default, browse for it. (Note: Be careful! The content of any folder you choose will be deleted!)
  • Click REMOVE
  • Restart your computer

Next up,
download the Avira removal tool from here, download it to your desktop.
Right click on the icon and select Run as Administrator
Follow the instructions on the screen, and reboot your computer if asked to.

Step 2
This is the tool from my previous post, let's run it now.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3
Now let's try aswmbr once again - if you can't download it please let me know.
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • ADWCleaner log file
  • ASWmbr log file
  • What are the current issues with your computer?

  • 0

#7
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I really appreciate your effort and i'm thankful for your advice: i'll have them removed. I cannot download ASWmbr.exe.
However, i followed your indications. This is the result from ADWCleaner:

# AdwCleaner v2.007 - Logfile creato il 17/11/2012 alle 16:38:05
# Aggiornamento 06/11/2012 by Xplode
# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)
# Utente : Lore - HPPAVILION
# Modalit Avvio : Modalit Normale
# Eseguito da : C:\Users\Lore\Desktop\AdwCleaner.exe
# Opzioni [Elimina]


***** [Servizi] *****


***** [File / Cartelle] *****

Cartella Eliminato : C:\Program Files (x86)\Conduit
Cartella Eliminato : C:\ProgramData\Ask
Cartella Eliminato : C:\ProgramData\Browser Manager
Cartella Eliminato : C:\Users\Lore\AppData\Local\Conduit
Cartella Eliminato : C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Cartella Eliminato : C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Cartella Eliminato : C:\Users\Lore\AppData\Local\Wajam
Cartella Eliminato : C:\Users\Lore\AppData\LocalLow\BabylonToolbar
Cartella Eliminato : C:\Users\Lore\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Lorenzo\AppData\LocalLow\Conduit
Cartella Eliminato : C:\Users\Lorenzo\AppData\Roaming\widestream
Cartella Eliminato : C:\Windows\Installer\{835525BE-63BD-4EC4-9425-00CEAD4849C2}
File Eliminato : C:\user.js

***** [Registro] *****

Chiave Eliminata : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Chiave Eliminata : HKCU\Software\AppDataLow\Software\SmartBar
Chiave Eliminata : HKCU\Software\Ask&Record
Chiave Eliminata : HKCU\Software\BrowserMngr
Chiave Eliminata : HKCU\Software\Iminent
Chiave Eliminata : HKCU\Software\Microsoft\Babylon
Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chiave Eliminata : HKCU\Software\Softonic
Chiave Eliminata : HKLM\Software\Babylon
Chiave Eliminata : HKLM\Software\BrowserMngr
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chiave Eliminata : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Prod.cap
Chiave Eliminata : HKLM\Software\Conduit
Chiave Eliminata : HKLM\Software\DataMngr
Chiave Eliminata : HKLM\Software\Iminent
Chiave Eliminata : HKLM\Software\Messenger Plus!\OpenCandy
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Chiave Eliminata : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Chiave Eliminata : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Valore Eliminata : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Browser Internet] *****

-\\ Internet Explorer v9.0.8112.16421

Sostituito : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=110823&tt=120912_ccp_3812_4&babsrc=NT_ss&mntrId=8acc3162000000000000c417fe195bfe --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Nome Profilo : default
File : C:\Users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\prefs.js

[OK] File Pulito.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Lorenzo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

File : C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File Pulito.

*************************

AdwCleaner[S1].txt - [13574 octets] - [17/11/2012 16:38:05]

########## EOF - C:\AdwCleaner[S1].txt - [13635 octets] ##########
  • 0

#8
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
What happens when you try to download aswmbr? Is there an error message, or perhaps your anti virus blocking it?
  • 0

#9
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi, Crowbar. Problem fixed. Here is the log:

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-18 14:39:44
-----------------------------
14:39:44.704 OS Version: Windows x64 6.1.7601 Service Pack 1
14:39:44.704 Number of processors: 4 586 0x2502
14:39:44.704 ComputerName: HPPAVILION UserName: Lore
14:39:46.155 Initialize success
14:41:46.562 AVAST engine defs: 12111800
14:42:24.111 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:42:24.111 Disk 0 Vendor: TOSHIBA_ LH00 Size: 476940MB BusType: 3
14:42:24.142 Disk 0 MBR read successfully
14:42:24.142 Disk 0 MBR scan
14:42:24.158 Disk 0 unknown MBR code
14:42:24.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:42:24.189 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459644 MB offset 409600
14:42:24.220 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16992 MB offset 941760512
14:42:24.236 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
14:42:24.267 Disk 0 scanning C:\Windows\system32\drivers
14:42:33.066 Service scanning
14:42:56.793 Modules scanning
14:42:56.793 Disk 0 trace - called modules:
14:42:56.824 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys sptd.sys hal.dll
14:42:56.840 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007000060]
14:42:56.840 3 CLASSPNP.SYS[fffff88000fd143f] -> nt!IofCallDriver -> [0xfffffa8006e8eb10]
14:42:56.856 5 hpdskflt.sys[fffff88002fda189] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a8d050]
14:42:58.072 AVAST engine scan C:\Windows
14:43:00.896 AVAST engine scan C:\Windows\system32
14:45:25.150 AVAST engine scan C:\Windows\system32\drivers
14:45:37.318 AVAST engine scan C:\Users\Lore
14:51:38.957 AVAST engine scan C:\ProgramData
14:53:30.373 Scan finished successfully
14:53:34.678 Disk 0 MBR has been saved successfully to "C:\Users\Lore\Desktop\MBR.dat"
14:53:34.678 The log file has been saved successfully to "C:\Users\Lore\Desktop\aswMBR.txt"
  • 0

#10
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi LorPio,
The aswmbr log looks good - What are the current symptoms on this computer?
  • 0

Advertisements


#11
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I'm a designer, and i work a lot with Adobe products. The pc performance has slowed down in the last two-three months (browser speed, startup, ecc.) . It's not an infection that causes it... what should i do now? I bought it on January 2010, it's not that old.
  • 0

#12
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi,
3 years old is not really old for a computer, but I would not call it new either! Middle aged, but it should function properly.

At this point, let's make sure there is no malware present, and then try to make things run a little better.

I would like to do a sweep for any lingering malware files

Step 1
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2
Posted Image Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)/ESET/ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • Checkup.txt log
  • MalwareBytes log
  • Eset Online scan log - make sure you save the log file, it's easy to miss that part.

  • 0

#13
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi,
I get this message from Eset: "Can not get updated. Is proxy configured?". Under Connections - LAN settings - "Use a proxy..." was NOT checked.

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versione 1.65.1.1000
TuneUp Utilities 2013
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities Language Pack (it-IT)
TuneUp Utilities 2013
MyPcCleaner versione 1.0
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader X (10.1.4)
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versione database: v2012.11.19.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lore :: HPPAVILION [amministratore]

20/11/2012 08:54:34
mbam-log-2012-11-20 (08-54-34).txt

Tipo di scansione: Scansione veloce
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File di sistema | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 248411
Tempo impiegato: 3 minuti, 13 secondi

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 0
(non sono stati rilevati elementi nocivi)

(fine)
  • 0

#14
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,130 posts
Hi again,
Never mind the ESET scan, let's try a different one - Important point now is to not remove anything that it finds, I will do that manually if there is a need to.

Please run a Bitdefender Online Virus Scan by following the instructions below:
  • Click this link to visit the Bitdeneder Online Virus Scan website.
  • Click on the green start scanner button near the top of the screen.
  • Click the green Scan now button (you may need to scroll down to see it).
  • A little yellowish bar may pop up at the top or the bottom of the page to notify you that the website is trying to install an add-on. Click on that yellowish bar and select to install the add-on.
  • If you had to install the add-on, then Internet Explorer may reload the page, and if so you will be back on step 2. Repeat steps 2 thru 4 again.
  • You may now be presented with a Security Warning popup asking if you want to install something from Bitdefender. Go ahead and click the Install button.
  • You should now be asked to accept the license agreement. You will need to click the I ACCEPT box in the lower-left corner before you can click on the OK button to continue.
  • The scan will begin running. This could take more than a few minutes.
  • Once it is done, it will tell you whether or not it found anything. Avoid removing anything for now, and click on the View report link. The link is kind of small and is toward the bottom, it's kind of easy to miss, but it's there.
  • Notepad will open with a copy of the report. Please save this on your desktop, and paste it into your next reply.

  • 0

#15
LorPio

LorPio

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hi, result of the scan: no infection found.

QuickScan 32-bit v0.9.9.119
---------------------------
Data Scansione: Wed Nov 21 20:09:29 2012
ID del PC: 8ACC3162



Nessuna infezione trovata.
--------------------------



Processi
--------
Firefox 872 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3564 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Kaspersky Anti-Virus 2192 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(verificato) CyberLink MediaLibray Service 3872 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe


Autoruns e files critici
------------------------
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Kaspersky Anti-Virus C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(verificato) Google Update C:\Users\Lore\AppData\Local\Google\Update\GoogleUpdate.exe
(verificato) Sistema operativo Microsoft® Windows® c:\windows\system32\userinit.exe
(verificato) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll


Browser plugins
---------------
Bitdefender QuickScan C:\Users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Java Deployment Toolkit 7.0.90.5 C:\Windows\SysWOW64\npdeployJava1.dll
Kaspersky Anti-Virus c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
Kaspersky Anti-Virus c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
Kaspersky Anti-Virus c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
Kaspersky Anti-Virus c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
Kaspersky Anti-Virus C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin\npUrlAdvisor.dll
Kaspersky Anti-Virus C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin\online_banking_npapi.dll
Kaspersky Anti-Virus C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin\content_blocker_npapi.dll
Kaspersky Anti-Virus C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin\npVKPlugin.dll
Kaspersky Anti-Virus C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll
Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
NPSWF32_11_5_502_110.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(non contrassegnato) i-drop control C:\Windows\Downloaded Program Files\IDrop.ocx
(non contrassegnato) i-drop control C:\Windows\Downloaded Program Files\IDropENU.dll
(non contrassegnato) VLC Web Plugin C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

(verificato) Wacom Dynamic Link Library C:\Program Files (x86)\TabletPlugins\npwacom.dll
(verificato) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verificato) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verificato) Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
(verificato) Bitdefender QuickScan C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\npqscan.dll
(verificato) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verificato) ECOM Loader C:\Windows\Downloaded Program Files\ecmldr32.dll
(verificato) ECOM Server C:\Windows\Downloaded Program Files\ecmsvr32.dll
(verificato) Google Update C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verificato) Google Update C:\Users\Lore\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
(verificato) i-drop control C:\Windows\Downloaded Program Files\IDropITA.dll
(verificato) Java™ Platform SE 7 U9 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
(verificato) Java™ Platform SE 7 U9 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
(verificato) Java™ Platform SE 7 U9 c:\program files (x86)\java\jre7\bin\ssv.dll
(verificato) Microsoft Search Enhancement Pack c:\program files (x86)\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll
(verificato) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verificato) NAVAPI C:\Windows\Downloaded Program Files\navapi32.dll
(verificato) Nokia Suite Enabler Plugin C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
(verificato) Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
(verificato) Sistema operativo Microsoft® Windows® C:\Windows\system32\mswsock.dll
(verificato) Sistema operativo Microsoft® Windows® C:\Windows\system32\napinsp.dll
(verificato) Sistema operativo Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll
(verificato) Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
(verificato) Symantec Antivirus Engine C:\Windows\Downloaded Program Files\naveng32.dll
(verificato) Symantec Antivirus Engine C:\Windows\Downloaded Program Files\navex32a.dll
(verificato) Symantec Security Check C:\Windows\Downloaded Program Files\avsniff.dll
(verificato) Symantec Security Check C:\Windows\Downloaded Program Files\rufsi.dll
(verificato) TODO: <Product name> C:\Windows\Downloaded Program Files\avsniffdlgs.dll


Files persi
-----------
File non trovato: c:\progra~3\browse~1\23787~1.43\{16cdf~1\browsemngr.dll
--> HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\"AppInit_DLLs"


Scansione
---------
MD5: d2dad71c96c113ed07f7bb79ad831c28 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 587efd6a3a30a35a27904d21ae1fb882 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
MD5: c7c3d8e1147755147c27d3f436493f8c C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com\components\anti_banner_native_proxy.dll
MD5: 517f21cbba33954464e68ecc53f9297b c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\contentblocker\ie_content_blocker_plugin.dll
MD5: 1d9fdaeaf878506cb826bc9dbdacb3d9 c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\onlinebanking\online_banking_bho.dll
MD5: 5dc1c94dbcf4054318da1dd8a10f0f0a c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\urladvisor\klwtbbho.dll
MD5: ee3a2c6b274a7f735b69c7566a3aae5a c:\program files (x86)\kaspersky lab\kaspersky internet security 2013\ieext\virtualkeyboard\ie_virtual_keyboard_plugin.dll
MD5: 4069a06436494c4de12f65477bb92ebe C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: e60e9d5f229cb8da347d48add6e8dc47 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: 340a842b7c5d21e08bfcbb7f9b58139d C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: b9a5a116229ff8e1d5994f6793eb6a6e C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
MD5: 7ef5d4b34137d053b9f4f843ae796802 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: be852d6ad0a67ee9dd28c6f95e5896e1 C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
MD5: cc726292a4fdec2857688ca3c32a510d C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: f9cf7ed9f44176962d182b80ae0c66d4 C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Program Files (x86)\Mozilla Firefox\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Program Files (x86)\Mozilla Firefox\MSVCR100.dll
MD5: cebc736458c1f79c23b1bbc5493db4c2 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: e1fbacb92fe471c684546dd9336afef6 C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: f3b8464a02e793fd46bcf6f8f6da878d C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: a062f4f9f2e2a89f7c0ed75be5ab8d3f C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: d8474b89fd26b18eed414a42ae5175ac C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: a38276867df9ecfac4bae167ba34772d C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: 74e3fd55c2bcfedcecc80121e93ffec5 C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: b204707e5f48e90427da6874e72345f9 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 94fb1d160021fe9f54c84ff587273868 C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: 7f1d7cfabb351d8f46a0b94d5787fcf3 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: 5914766c39b2d62ce67e2509f78216ab C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: 7f89683200960ffae7c6f7f99360949c C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: 819fa5f084b3174cf702320ce58aa7e6 C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: aea69af0e4f27aaba1a4df66b43179a3 C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
MD5: 703bd9edb9065388e1cf0064d0a87390 C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin\npUrlAdvisor.dll
MD5: 3a82ee94bbffae6c9f0a06c07ed15d51 C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\plugin\online_banking_npapi.dll
MD5: 080349fe383ee89998f82381a8ff9877 C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin\content_blocker_npapi.dll
MD5: b86bb3a36759b5f587509b3cc96e0d57 C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\plugin\npVKPlugin.dll
MD5: 9b168bcb4d8e467f98197ccaca4a2bcc C:\Users\Lore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\plugin\npABPlugin.dll
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Lore\AppData\Roaming\Mozilla\Firefox\Profiles\iay7jgac.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: 3001732c8f2dc56aea0d6374727b4f18 C:\Windows\Downloaded Program Files\IDrop.ocx
MD5: 8e8cea4d58bbaa30fdf39ee1936360f2 C:\Windows\Downloaded Program Files\IDropENU.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 81f6c1ae23b1c493d9e996c3103915d7 C:\Windows\system32\dhcpcsvc6.DLL
MD5: a29d734f650f958424743be3baa052c8 C:\Windows\system32\dwrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 0ba65122ffa7e37564ee86422dbf7ae8 C:\Windows\system32\NLAapi.dll
MD5: 28c3047ae1413ae3cde25235c081c76b C:\Windows\system32\nvwgf2um.dll
MD5: a6b73fcb9496db101f3066caf5a7da4b c:\windows\syswow64\ieframe.dll
MD5: 3178c47db9f1615e5334029607bd3459 C:\Windows\syswow64\iertutil.dll
MD5: 0cb0aa071c7b86a64f361dcfdf357329 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
MD5: a3e477acda2c5a427e56fb075adeb536 C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
MD5: 2c82d753ef779945977c82a3908da20a C:\Windows\SysWOW64\npdeployJava1.dll
MD5: fc4ee980c3bd87d35816ec55007e00b5 C:\Windows\syswow64\urlmon.dll
MD5: 9cb0d2a9a77d91d9614355ee9ff00519 C:\Windows\syswow64\WININET.dll


Nessun file inviato.

Scan finished - communication took 0 sec
Total traffic - 0.00 MB inviati, 0.18 KB ricevuti
Scanned 274 files and modules - 23 seconds

==============================================================================

Edited by LorPio, 21 November 2012 - 01:13 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP