Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Suspected malware disables Windows Security & site redirects

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 5:45 am

Here're the Contents of OTL.txt log file after OTL Fresh Scan run:

OTL logfile created on: 16/05/2012 11:25:11 - Run 2
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sheila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,28% Memory free
3,73 Gb Paging File | 2,46 Gb Available in Paging File | 65,85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 222,46 Gb Free Space | 78,50% Space Free | Partition Type: NTFS

Computer Name: SHEILA-PC | User Name: Sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/26 23:12:04 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 17:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 03:28:18 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/10/12 03:28:14 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/06/26 20:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Programmi\Freecorder\FLVSrvc.exe
PRC - [2010/05/20 02:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/04/06 22:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programmi\IDT\WDM\sttray.exe
PRC - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/03/30 15:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 17:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\QuickSet\quickset.exe
PRC - [2010/01/14 23:11:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programmi\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 09:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 09:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/06 21:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Programmi\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programmi\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programmi\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 11:32:59 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/09 11:32:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 11:32:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/09 11:32:19 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/09 11:31:57 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/09 11:31:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/28 17:31:26 | 002,236,416 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2012/04/28 17:31:26 | 001,396,736 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2012/04/28 17:31:26 | 000,868,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2012/04/28 17:31:26 | 000,847,872 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2012/04/28 17:31:26 | 000,782,336 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2012/04/28 17:31:26 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012/04/28 17:31:26 | 000,528,384 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2012/04/28 17:31:26 | 000,462,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2012/04/28 17:31:26 | 000,237,568 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012/04/28 17:31:26 | 000,155,648 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2012/04/28 17:31:26 | 000,143,360 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012/04/28 17:31:25 | 001,564,672 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012/04/28 17:31:25 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2012/04/28 17:31:25 | 000,471,040 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012/04/28 17:31:25 | 000,406,016 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012/04/28 17:31:25 | 000,356,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012/04/28 17:31:25 | 000,315,392 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012/04/28 17:31:25 | 000,264,192 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012/04/28 17:31:25 | 000,217,088 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2012/04/28 17:31:25 | 000,163,840 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2012/04/28 17:31:25 | 000,151,552 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2012/04/28 17:31:25 | 000,129,536 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012/04/28 17:31:25 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012/04/28 17:31:25 | 000,062,464 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012/04/28 17:31:25 | 000,052,224 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012/04/28 17:31:25 | 000,044,544 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012/04/28 17:31:25 | 000,010,752 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2012/04/28 17:31:24 | 011,503,616 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012/04/28 17:31:24 | 000,761,856 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2012/04/28 17:31:24 | 000,684,032 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012/04/28 17:31:24 | 000,339,968 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012/04/28 17:31:24 | 000,234,496 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012/04/28 17:31:24 | 000,171,520 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012/04/28 17:31:24 | 000,152,576 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012/04/28 17:31:24 | 000,098,304 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012/04/28 17:31:24 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012/04/28 17:31:24 | 000,078,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 23:04:56 | 000,140,800 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010/03/17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/10/20 09:12:10 | 000,132,384 | ---- | M] () -- C:\Programmi\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2007/01/11 18:33:20 | 000,106,496 | R--- | M] () -- C:\Programmi\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 12:00:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2011/02/11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/19 07:44:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/06/21 22:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/12 09:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/12 09:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/10/12 06:12:56 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/12 03:28:13 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/09/02 12:08:56 | 000,114,688 | ---- | M] (ONDA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ONDAusbnet.sys -- (ONDAusbnet)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2010/06/17 16:28:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/06 22:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/26 10:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 00:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Audio schermo Intel(R)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 05:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{AAB8CC18-CCC2-47E3-BCFE-1F7FD48BCBB3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/11
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.it.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 E6 DD 2D 32 33 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AAB8CC18-CCC2-47E3-BCFE-1F7FD48BCBB3}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/26 23:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 20:20:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF36590-FACB-4DD2-AC80-5B7827175BE3}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programmi\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 11:21:38 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Desktop\Malware docs
[2012/05/16 09:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/05/16 05:41:37 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/05/11 17:52:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/11 17:48:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:03:22 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\InstallShield
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/09 08:12:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 08:12:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 08:12:18 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 08:12:17 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 08:12:17 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 08:12:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 08:12:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 08:12:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/06 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\HTC
[2012/05/06 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Teleca
[2012/05/06 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2012/05/06 12:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/05/06 12:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2012/05/06 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2012/04/29 09:46:03 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\KodakCredentialStore
[2012/04/28 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\KodakGallery
[2012/04/28 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Skinux
[2012/04/28 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\Programs
[2012/04/28 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\ArcSoft
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Documents\My Print Creations
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Arcsoft
[2012/04/28 17:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/04/28 17:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012/04/28 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/28 17:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/28 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/04/28 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/04/28 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/04/28 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/04/26 16:45:16 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Desktop\Linda
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 11:29:02 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001UA.job
[2012/05/16 11:00:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 09:05:15 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 09:05:15 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 09:02:44 | 011,784,270 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/05/16 09:02:44 | 004,217,266 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 09:02:44 | 004,052,288 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/05/16 09:02:44 | 003,540,492 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 08:57:47 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\hlwttfy.job
[2012/05/16 08:57:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 08:57:40 | 1502,617,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 06:14:20 | 000,000,512 | ---- | M] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/15 07:29:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001Core.job
[2012/05/12 20:56:44 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:02:26 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/05/10 08:58:38 | 000,002,569 | ---- | M] () -- C:\Users\Public\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/10 08:31:21 | 000,002,969 | ---- | M] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/09 11:30:32 | 000,440,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 07:03:17 | 000,141,312 | RHS- | M] () -- C:\Windows\System32\cmifwm.dll
[2012/05/05 12:00:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 12:00:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 14:30:22 | 000,002,407 | ---- | M] () -- C:\Users\Sheila\Desktop\Google Chrome.lnk
[2012/04/28 17:38:43 | 000,027,648 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:38:43 | 000,003,072 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 06:14:20 | 000,000,512 | ---- | C] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/10 08:31:21 | 000,002,969 | ---- | C] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/08 07:03:17 | 000,141,312 | RHS- | C] () -- C:\Windows\System32\cmifwm.dll
[2012/05/08 07:03:17 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\hlwttfy.job
[2012/04/28 17:31:52 | 000,027,648 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:31:52 | 000,003,072 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/04/28 17:20:03 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/04/10 12:30:50 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/17 21:16:20 | 000,000,128 | ---- | C] () -- C:\Windows\AVIATION.DAT
[2011/09/15 15:38:24 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/17 14:29:42 | 000,013,312 | ---- | C] () -- C:\Users\Sheila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/11/22 10:41:32 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/10/19 15:59:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcdcfg.dll
[2010/10/18 23:27:57 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 03:35:48 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/10/12 03:28:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/08/28 03:42:51 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/28 02:23:25 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/08/28 02:23:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/28 02:23:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/28 02:23:24 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/28 02:23:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/28 02:23:24 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/28 02:23:24 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >

Thanks,
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am
Advertisement
Register to Remove

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 5:51 am

Hi again pgmigg,

I happened to find a file named Extras.txt on my desktop as a result of all the things I did just know and I don't know if you need to see it as well. I'm posting the context of it here, just in case:


OTL Extras logfile created on: 16/05/2012 08:43:57 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sheila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 47,08% Memory free
3,73 Gb Paging File | 2,54 Gb Available in Paging File | 68,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 222,42 Gb Free Space | 78,48% Space Free | Partition Type: NTFS

Computer Name: SHEILA-PC | User Name: Sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{061B959E-28D5-4125-A80F-7E761F27E854}" = rport=10243 | protocol=6 | dir=out | app=system |
"{134430D7-2BA9-4392-A833-81547AA92481}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CFD821F-1520-4FD5-9586-A23049567813}" = lport=61116 | protocol=6 | dir=in | name=trend micro client/server security agent update |
"{1E27E9C5-D2BE-4311-ABCB-D4E5245B445F}" = lport=61117 | protocol=17 | dir=in | name=trend micro client/server security agent broadcast |
"{2ED7E13F-A47F-4ABB-BCB1-967B395C49ED}" = lport=138 | protocol=17 | dir=in | app=system |
"{34EA7718-BF0B-4B29-88B9-A5EC844B422B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{37C04A50-40ED-403A-990F-0B7785F188B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3C2F4CF6-1E67-481B-B389-3FB47206D7A3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D097E76-189F-417B-9EE0-D4DEAB55AAAE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4DA784F5-2169-4CE8-8398-132F3D615802}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{518E0A67-33F6-4E6F-89BF-CF3137D372E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52077CD8-7201-4673-92A7-C1D78ECB3441}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55362264-00E0-4FA9-A15E-E2228D56FF84}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{6186274F-87E7-4EF8-9385-1F039D4BF41F}" = lport=445 | protocol=6 | dir=in | app=system |
"{64E7F670-51CD-4EFB-B37F-FED540E2F056}" = lport=10243 | protocol=6 | dir=in | app=system |
"{69AA0B4E-1A8F-4815-AD47-029A992ACD09}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{71E7DAEB-99C3-490B-99E9-C389A477354E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8018525D-FD2F-47C7-90EF-8668F27ACE43}" = rport=139 | protocol=6 | dir=out | app=system |
"{80D2B3EF-256A-4D0B-AAC8-E2E1BCA7C29F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90D0EE8E-15EF-445D-8F9D-1A2E19D84964}" = rport=445 | protocol=6 | dir=out | app=system |
"{AA687AF3-D8F4-4939-AE9D-3601DABE298E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{AD40C3DD-B555-43D7-98BF-5218B020B499}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B37DEB14-277D-47DB-A7C0-8977C0065C78}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B8AB5097-D7E2-4C48-86C1-97701D3CAC20}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BD1C810F-FA40-4BF6-A6C8-A87F5DC60FAE}" = lport=137 | protocol=17 | dir=in | app=system |
"{C15BBD6D-0F96-46FC-AFE1-CEA49AC1FF11}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C40A913A-0032-4460-B25D-E9A5F9586818}" = rport=138 | protocol=17 | dir=out | app=system |
"{C990E3D4-2867-46F9-8E68-A09DE4141A7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DD83E524-EC3A-4AD1-BB2F-3A9A30ED53E3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ED25B26B-98CB-450E-93AD-EA0B9F353BC6}" = rport=137 | protocol=17 | dir=out | app=system |
"{F18CE1A1-3016-44C7-ABAC-1AF27047C117}" = lport=139 | protocol=6 | dir=in | app=system |
"{F35F939C-86DA-4BA9-BF67-DB144492773E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{057957F9-1155-42F6-B6A8-E9BB37AC501F}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{1B533FD7-5E5C-4792-AFF4-911A37305DA1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D1FEBD0-1755-433D-84C2-1FFFAEA5255B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FA9A0E4-4F11-4747-9EAD-08BCEE9802C4}" = protocol=6 | dir=out | app=system |
"{2153C459-43CA-4063-A790-1DB4F9AC6449}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{220D349A-5030-4707-A842-2078807C59DB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{22A4AF05-0399-4CEA-95B3-F591256A854D}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{27E7C167-E959-4861-B6BD-BD66890111D7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{36747065-5E37-4D3A-B670-4139B622B3B8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{36DF954B-A5E0-443C-8B72-7CC4AF16CA94}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C6DBF95-8A9B-4815-8256-87C1089087FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4B6B5C86-4611-421E-86D3-61137FB90C18}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5CBBED14-75A3-4BD5-A149-77CF3F901710}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5E17599E-0582-41F0-9771-EEF6EA9261E4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{727275D5-1C0C-4D09-BCBA-0EFC6BD61D22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7948FA1A-3545-479D-A64D-1B62840B477C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81DFFBFD-0024-4A46-BCC3-B630A4F707FC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{85A11B21-D78C-42CE-9CDE-A8F29FFE0851}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8FD57B05-2E4A-4A5A-B1B9-32CED42493CA}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{9E4812F0-C034-483C-841E-9879E5B85D10}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEA83C86-0D91-43BB-9FF9-236A7EE25D88}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BC587086-E11D-44C0-AF10-2B112F99EEC4}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{BD108816-BA39-4B07-8E96-9EEF5E4FB57D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C47A7742-2305-4FFB-B620-5E6340CDE689}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA81E812-4C80-4B23-BDFE-1C91B3A24305}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB337CBF-C2D7-4CEA-BDB4-D848AC9F87F2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D4CE5897-89A7-46E8-920F-22C1F4FC2ED2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D5EA70BE-5BC6-4B22-B950-AF0DAC92C321}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D969634E-D1FB-4264-81D8-776F2891E784}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9BEFD15-D0F2-4027-A3E1-51619B087466}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{F5BD8385-999C-4FF2-919F-89CBBEE65E49}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F7C6F5F3-FA97-4FE2-9D17-4F45EE4B90CC}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{FDE2742A-0356-40D8-B9A2-B8516687559F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"TCP Query User{6F4EACCB-44D7-4D29-9DA0-4C02B7034BF8}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{980F193A-30AD-465B-895D-1616753B701A}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{C7A43410-9F0E-441A-A0D4-3796B8DBDAD4}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{E26ADFFA-A013-433A-B5E2-DC52EB4CA650}C:\users\sheila\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\sheila\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{F1714823-B269-4F02-A34E-5D91C3405004}C:\program files\free video zilla\fvzilla.exe" = protocol=6 | dir=in | app=c:\program files\free video zilla\fvzilla.exe |
"TCP Query User{F45BBFC5-68DE-47A6-A803-E15CF0DEC2C9}C:\users\sheila\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\sheila\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{07B6925B-40FA-407C-9052-55FD348FB6DC}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{3B8AC868-D100-48B2-B2B8-F3816EA68481}C:\program files\free video zilla\fvzilla.exe" = protocol=17 | dir=in | app=c:\program files\free video zilla\fvzilla.exe |
"UDP Query User{6B3929F6-DF42-4E64-B240-8835A7CAD876}C:\users\sheila\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\sheila\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{8F995018-DFB7-45D0-8A3B-501689A12FD6}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{B9A666C4-2019-4567-A20A-22B0243DA65E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{C1030DB9-8FFC-40B7-B99E-B4F2D31DAB7E}C:\users\sheila\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\sheila\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{41D6CED7-65E8-4EBB-BB1A-B45E2D8CF6D7}" = Windows Live Family Safety
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B1EDAFC-B0EB-465F-886C-24FAC1BED2AC}" = Windows Live Remote Client Resources
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84814DF6-395C-4E12-A970-9489CDBCE898}" = In Company Second Edition Elementary CD-ROM
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = Accelerometer
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-006D-0410-0000-0000000FF1CE}" = Microsoft Office a portata di clic 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = Chiavetta Internet MT191UP
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC0628FF-532F-4800-91EC-40903B04682F}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-1040-7B44-A95000000001}" = Adobe Reader 9.5.1 - Italiano
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7DD783E-EE11-4B68-AF39-71AE2C457015}" = Windows Live Sync
"{B7FB9195-E9FC-4316-930E-D799D5D712F7}" = Dell Backup and Recovery Manager
"{BC4174D1-7970-40E6-AC57-F095F961FB08}" = HTC Sync
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7DAD22D-29D4-438F-B986-03B9ED582EA4}" = Messenger Companion
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Software Kodak EasyShare
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46BC537-E841-442A-861E-784DB19CA7C3}" = Microsoft Mouse Mischief
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 2010
"Dell Photo AIO Printer 944" = Dell Photo AIO Printer 944
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup" = DivX Setup
"DW WLAN Card Utility" = DW WLAN Card Utility
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.1" = Freecorder
"HiDownload Platinum_is1" = HiDownloadPlatinum
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office a portata di clic 2010
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"SynTPDeinstKey" = Dell Touchpad
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR 4.01 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/05/2012 21:05:34 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6271

Error - 15/05/2012 21:05:35 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/05/2012 21:05:35 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7410

Error - 15/05/2012 21:05:35 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7410

Error - 15/05/2012 23:41:18 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 15/05/2012 23:41:22 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9350388

Error - 15/05/2012 23:41:22 | Computer Name = Sheila-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9350388

Error - 16/05/2012 02:43:26 | Computer Name = Sheila-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 16/05/2012 02:43:26 | Computer Name = Sheila-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Le stringhe relative alle prestazioni nel valore Performance del Registro
di sistema sono state danneggiate durante l'elaborazione dell'estensione del provider
contatori Performance. Il valore BaseIndex è il primo valore DWORD della sezione
Data, il valore LastCounter è il secondo valore DWORD della sezione Data e il valore
LastHelp è il terzo valore DWORD della sezione Data.

Error - 16/05/2012 02:43:26 | Computer Name = Sheila-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Scaricamento delle stringhe dei contatori delle prestazioni per il
servizio WmiApRpl (WmiApRpl) non riuscito. Il primo valore DWORD nella sezione
Data contiene il codice di errore.

[ OSession Events ]
Error - 25/03/2011 06:20:10 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7591
seconds with 900 seconds of active time. This session ended with a crash.

Error - 13/04/2011 03:04:55 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/06/2011 08:23:19 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 50
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/06/2011 08:23:36 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/06/2011 08:24:16 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 20
seconds with 0 seconds of active time. This session ended with a crash.

Error - 05/06/2011 08:24:33 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/07/2011 10:39:10 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 100
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/07/2011 10:39:38 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 06/02/2012 03:55:43 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 60
seconds with 0 seconds of active time. This session ended with a crash.

Error - 13/05/2012 08:57:31 | Computer Name = Sheila-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 13178
seconds with 9360 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 13/05/2012 03:35:29 | Computer Name = Sheila-PC | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 13/05/2012 03:35:29 | Computer Name = Sheila-PC | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 13/05/2012 03:35:30 | Computer Name = Sheila-PC | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 13/05/2012 03:35:30 | Computer Name = Sheila-PC | Source = Disk | ID = 262155
Description = Il driver ha rilevato un errore del controller su \Device\Harddisk1\DR1.

Error - 13/05/2012 16:57:55 | Computer Name = Sheila-PC | Source = BTHUSB | ID = 327697
Description = Errore indeterminato della scheda Bluetooth locale. Tale scheda non
verrà utilizzata. Il driver è stato scaricato.

Error - 14/05/2012 06:42:19 | Computer Name = Sheila-PC | Source = BTHUSB | ID = 327697
Description = Errore indeterminato della scheda Bluetooth locale. Tale scheda non
verrà utilizzata. Il driver è stato scaricato.

Error - 14/05/2012 06:51:04 | Computer Name = Sheila-PC | Source = EventLog | ID = 6008
Description = Precedente arresto del sistema inatteso a 12:46:25 su ?14/?05/?2012.

Error - 14/05/2012 16:45:48 | Computer Name = Sheila-PC | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Audio Service. Questo evento si è
già verificato 1 volta(e).

Error - 15/05/2012 17:23:13 | Computer Name = Sheila-PC | Source = BTHUSB | ID = 327697
Description = Errore indeterminato della scheda Bluetooth locale. Tale scheda non
verrà utilizzata. Il driver è stato scaricato.

Error - 15/05/2012 23:41:21 | Computer Name = Sheila-PC | Source = BTHUSB | ID = 327697
Description = Errore indeterminato della scheda Bluetooth locale. Tale scheda non
verrà utilizzata. Il driver è stato scaricato.


< End of report >
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 16th, 2012, 10:57 am

Thank you, Sheila! :)
Ok, looks like we've finally caught the culprit!
It is nice to hear! :D
But we are not finished yet. Absence of symptoms does not mean that everything is clear. Let continue our treatment...

Step 1.
OTL - Run Fix Script
You should still have OTL.exe on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe, select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Underneath Output at the top, make sure Standard Output is selected.
  3. Copy and Paste the following code into the Image text box. Do not include the word Code
    Code: Select all
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
    
    :Files
    C:\Windows\System32\cmifwm.dll
    C:\Users\Sheila\Desktop\*.tmp
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  4. Click under the Custom Scan/Fixes box and paste the copied text.
  5. Click the Run Fix button. If prompted... click OK.
  6. OTL may ask to reboot the machine. Please do so if asked.
  7. When the scan completes, Notepad will open with the scan results (OTL.txt). The report is saved in the same location as OTL.
  8. Please post the contents of report in your next reply.

Step 2.
Online Virus Total file scan
  1. Please go to Virus Total to upload the following files one by one for scanning:

    C:\Program Files\Uniblue\RegistryBooster\Launcher.exe
    C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe

  2. Press the Choose File button and navigate to the file in the list.
  3. Double click the located file name... The file name should now appear in the online scanner's text entry box.
  4. Click on Scan it! button.
  5. The file will be queued, uploaded and scanned by various antivirus scanners - this may take a few minutes.
      If you receive the message: File has already been analysed:
      Please press the Reanalyse button, so your file will be scanned.
  6. When all scans have completed... the results page is displayed
  7. Please highlight and copy the page web address link from your browser window.
    Example of web address:
    Image
  8. Please repeat steps 2-7 for every file in the list.
  9. Paste the Web address link(s) for the scan results in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the OTL.txt log file after OTL FixScript run
  3. The resulting web links after online file scan by Virus Total.
  4. Do you see any changes in computer behavior?

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 5:10 pm

Hi pgmigg!

I've just completed the first step so am sending you the text before and after Run Fix.

Here's the OTL output BEFORE Run Fix:

OTL logfile created on: 16/05/2012 22:52:19 - Run 3
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Sheila\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

1,87 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 69,45% Memory free
3,73 Gb Paging File | 2,56 Gb Available in Paging File | 68,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,40 Gb Total Space | 222,39 Gb Free Space | 78,47% Space Free | Partition Type: NTFS

Computer Name: SHEILA-PC | User Name: Sheila | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
PRC - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011/10/26 23:12:04 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Programmi\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/07/16 06:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/23 17:11:22 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/10/12 03:28:18 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE
PRC - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\WLTRYSVC.EXE
PRC - [2010/10/12 03:28:14 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\DW WLAN Card\BCMWLTRY.EXE
PRC - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010/09/21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010/06/26 20:09:18 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Programmi\Freecorder\FLVSrvc.exe
PRC - [2010/05/20 02:39:42 | 000,206,336 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2010/04/06 22:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programmi\IDT\WDM\sttray.exe
PRC - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe
PRC - [2010/03/30 15:13:06 | 000,389,120 | R--- | M] (Teleca) -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/17 16:22:52 | 001,019,904 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2010/03/17 16:08:22 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2010/03/17 16:08:04 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2010/01/15 17:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Programmi\Dell\QuickSet\quickset.exe
PRC - [2010/01/14 23:11:21 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programmi\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/12/11 15:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programmi\Common Files\Teleca Shared\Generic.exe
PRC - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe
PRC - [2009/11/19 17:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programmi\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/10/20 09:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/10/20 09:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/06 21:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/06/24 23:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Programmi\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/03 10:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programmi\Common Files\Teleca Shared\logger.exe
PRC - [2009/04/14 13:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programmi\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe
PRC - [2009/02/26 19:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/09 11:32:59 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\82a4878fa9c3f8b634ad38909c99db7c\System.Web.ni.dll
MOD - [2012/05/09 11:32:52 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 11:32:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90d42781d5b19478870e412f7b7c71eb\System.Windows.Forms.ni.dll
MOD - [2012/05/09 11:32:19 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e65dbd1b68789fc21b9fb3c605b699a7\System.Drawing.ni.dll
MOD - [2012/05/09 11:31:57 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/05/09 11:31:49 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/04/28 17:31:26 | 002,236,416 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2012/04/28 17:31:26 | 001,396,736 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2012/04/28 17:31:26 | 000,868,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2012/04/28 17:31:26 | 000,847,872 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2012/04/28 17:31:26 | 000,782,336 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2012/04/28 17:31:26 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2012/04/28 17:31:26 | 000,528,384 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2012/04/28 17:31:26 | 000,462,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2012/04/28 17:31:26 | 000,237,568 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2012/04/28 17:31:26 | 000,155,648 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2012/04/28 17:31:26 | 000,143,360 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2012/04/28 17:31:25 | 001,564,672 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2012/04/28 17:31:25 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2012/04/28 17:31:25 | 000,471,040 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2012/04/28 17:31:25 | 000,406,016 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2012/04/28 17:31:25 | 000,356,352 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2012/04/28 17:31:25 | 000,315,392 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2012/04/28 17:31:25 | 000,264,192 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2012/04/28 17:31:25 | 000,217,088 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESUpload.dll
MOD - [2012/04/28 17:31:25 | 000,163,840 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
MOD - [2012/04/28 17:31:25 | 000,151,552 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2012/04/28 17:31:25 | 000,129,536 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2012/04/28 17:31:25 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2012/04/28 17:31:25 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2012/04/28 17:31:25 | 000,062,464 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2012/04/28 17:31:25 | 000,052,224 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2012/04/28 17:31:25 | 000,044,544 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2012/04/28 17:31:25 | 000,010,752 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2012/04/28 17:31:25 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2012/04/28 17:31:24 | 011,503,616 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2012/04/28 17:31:24 | 000,761,856 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2012/04/28 17:31:24 | 000,684,032 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2012/04/28 17:31:24 | 000,339,968 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2012/04/28 17:31:24 | 000,234,496 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2012/04/28 17:31:24 | 000,171,520 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2012/04/28 17:31:24 | 000,152,576 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2012/04/28 17:31:24 | 000,098,304 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2012/04/28 17:31:24 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2012/04/28 17:31:24 | 000,078,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2011/07/29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programmi\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programmi\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/28 23:04:56 | 000,140,800 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\fsync.dll
MOD - [2010/03/31 10:08:50 | 000,240,552 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\ClientInitiatedStarter\fsync.dll
MOD - [2010/03/17 16:20:30 | 000,139,264 | R--- | M] () -- C:\Programmi\HTC\HTC Sync\Mobile Phone Monitor\tcpsock_object.dll
MOD - [2009/10/20 09:12:10 | 000,132,384 | ---- | M] () -- C:\Programmi\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/07/22 14:52:12 | 002,384,896 | ---- | M] () -- C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2007/01/11 18:33:20 | 000,106,496 | R--- | M] () -- C:\Programmi\Common Files\Teleca Shared\boost_log-vc80-mt-1_33.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/05/05 12:00:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programmi\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/04 15:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011/10/01 09:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/12 09:05:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/05/03 06:43:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programmi\Avira\AntiVir Desktop\sched.exe -- (AntiVirScheduler)
SRV - [2011/02/11 23:23:34 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programmi\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/10/19 07:44:11 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 03:28:18 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2010/09/23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010/09/22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/09/21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/04/06 22:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/01/09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010/01/09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009/11/30 05:41:08 | 000,060,928 | ---- | M] () [Auto | Running] -- C:\Programmi\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009/11/04 07:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/11/04 07:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/10/20 09:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programmi\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009/03/02 20:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2005/06/21 22:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\dlcdcoms.exe -- (dlcd_device)


========== Driver Services (SafeList) ==========

DRV - [2011/10/01 09:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011/10/01 09:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011/10/01 09:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011/10/01 09:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2011/09/12 09:05:38 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/12 09:05:38 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/10/12 06:12:56 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/10/12 03:28:13 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2010/09/02 12:08:56 | 000,114,688 | ---- | M] (ONDA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ONDAusbnet.sys -- (ONDAusbnet)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbser6k.sys -- (ONDAusbser6k)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbnmea.sys -- (ONDAusbnmea)
DRV - [2010/09/02 12:08:44 | 000,105,088 | ---- | M] (Onda Communication) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ondausbmdm6k.sys -- (ONDAusbmdm6k)
DRV - [2010/06/17 16:28:21 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/06 22:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/02/26 10:31:22 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 00:36:34 | 000,232,960 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Audio schermo Intel(R)
DRV - [2009/09/17 06:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/08/10 05:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/15 20:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/05/28 17:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{AAB8CC18-CCC2-47E3-BCFE-1F7FD48BCBB3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/USSMB/11
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://dell.it.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 E6 DD 2D 32 33 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AAB8CC18-CCC2-47E3-BCFE-1F7FD48BCBB3}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\FirefoxExtension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/26 23:12:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/22 20:20:12 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Sheila\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: YouTube = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Sheila\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programmi\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programmi\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programmi\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [C:\Program Files\Free Video Zilla\FVZilla.exe] File not found
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [FreeFallProtection] C:\Programmi\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] c:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Programmi\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RemoteControl9] c:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programmi\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - Startup: C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programmi\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programmi\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/ ... emLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FF36590-FACB-4DD2-AC80-5B7827175BE3}: DhcpNameServer = 192.168.1.1 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C91CA12B-6D6E-4458-9624-76BBD466BEE2}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programmi\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\Program Files\Trend Micro\Client Server Security Agent\bho\1009\TmIEPlg.dll File not found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programmi\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell - "" = AutoRun
O33 - MountPoints2\{1c16be3c-3774-11e1-89fb-5cac4ceb56f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Help
[2012/05/16 12:19:53 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\Help
[2012/05/16 11:21:38 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Desktop\Malware docs
[2012/05/16 05:41:37 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dispositivi Bluetooth
[2012/05/11 17:52:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/11 17:48:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:03:22 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\InstallShield
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/10 08:31:21 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/05/09 08:12:19 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/05/09 08:12:19 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/05/09 08:12:18 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/05/09 08:12:17 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/05/09 08:12:17 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/05/09 08:12:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/05/09 08:12:17 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/05/09 08:12:17 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/05/06 12:03:26 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\HTC
[2012/05/06 12:03:25 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Teleca
[2012/05/06 12:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\HTC
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2012/05/06 12:02:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Teleca
[2012/05/06 12:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2012/05/06 12:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Spirent Communications
[2012/05/06 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files\HTC
[2012/04/29 09:46:03 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\KodakCredentialStore
[2012/04/28 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\KodakGallery
[2012/04/28 17:31:49 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Skinux
[2012/04/28 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\Programs
[2012/04/28 17:31:08 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Local\ArcSoft
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Documents\My Print Creations
[2012/04/28 17:31:07 | 000,000,000 | ---D | C] -- C:\Users\Sheila\AppData\Roaming\Arcsoft
[2012/04/28 17:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012/04/28 17:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Print Creations
[2012/04/28 17:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012/04/28 17:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2012/04/28 17:29:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
[2012/04/28 17:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Kodak
[2012/04/28 17:27:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/04/28 17:27:42 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/04/28 17:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2012/04/26 16:45:16 | 000,000,000 | ---D | C] -- C:\Users\Sheila\Desktop\Linda
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 22:29:01 | 000,001,164 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001UA.job
[2012/05/16 22:11:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 22:11:03 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 22:07:57 | 011,854,790 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/05/16 22:07:57 | 004,240,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/16 22:07:57 | 004,077,638 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/05/16 22:07:57 | 003,562,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/16 22:03:35 | 000,000,312 | ---- | M] () -- C:\Windows\tasks\hlwttfy.job
[2012/05/16 22:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/16 22:03:27 | 1502,617,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 16:00:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/16 06:14:20 | 000,000,512 | ---- | M] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/15 07:29:01 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-48174127-2646268663-3363889633-1001Core.job
[2012/05/12 20:56:44 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/05/11 17:49:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Sheila\Desktop\OTL.exe
[2012/05/10 09:02:26 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/05/10 08:58:38 | 000,002,569 | ---- | M] () -- C:\Users\Public\Desktop\Dell Backup and Recovery Manager.lnk
[2012/05/10 08:31:21 | 000,002,969 | ---- | M] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/09 11:30:32 | 000,440,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/08 07:03:17 | 000,141,312 | RHS- | M] () -- C:\Windows\System32\cmifwm.dll
[2012/05/05 12:00:07 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/05/05 12:00:07 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/05/02 14:30:22 | 000,002,407 | ---- | M] () -- C:\Users\Sheila\Desktop\Google Chrome.lnk
[2012/04/28 17:38:43 | 000,027,648 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:38:43 | 000,003,072 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[1 C:\Users\Sheila\Desktop\*.tmp files -> C:\Users\Sheila\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 06:14:20 | 000,000,512 | ---- | C] () -- C:\Users\Sheila\Desktop\MBR.dat
[2012/05/10 08:31:21 | 000,002,969 | ---- | C] () -- C:\Users\Sheila\Desktop\HiJackThis.lnk
[2012/05/08 07:03:17 | 000,141,312 | RHS- | C] () -- C:\Windows\System32\cmifwm.dll
[2012/05/08 07:03:17 | 000,000,312 | ---- | C] () -- C:\Windows\tasks\hlwttfy.job
[2012/04/28 17:31:52 | 000,027,648 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mb
[2012/04/28 17:31:52 | 000,003,072 | R--- | C] () -- C:\Users\Public\Documents\ESBK.mbb
[2012/04/28 17:28:07 | 000,002,100 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2012/04/28 17:20:03 | 000,000,402 | ---- | C] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2012/04/10 12:30:50 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2011/11/17 21:16:20 | 000,000,128 | ---- | C] () -- C:\Windows\AVIATION.DAT
[2011/09/15 15:38:24 | 000,000,424 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/04/17 14:29:42 | 000,013,312 | ---- | C] () -- C:\Users\Sheila\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010/11/22 10:41:32 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/10/19 15:59:03 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcdcfg.dll
[2010/10/18 23:27:57 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 03:35:48 | 000,000,074 | RHS- | C] () -- C:\Windows\CT4CET.bin
[2010/10/12 03:28:27 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010/08/28 03:42:51 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/08/28 02:23:25 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010/08/28 02:23:25 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/28 02:23:25 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/08/28 02:23:24 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010/08/28 02:23:24 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010/08/28 02:23:24 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010/08/28 02:23:24 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

< End of report >



And here's the text AFTER Run Fix:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
C:\Windows\System32\cmifwm.dll moved successfully.
C:\Users\Sheila\Desktop\~WRL3053.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Sheila
->Temp folder emptied: 194811 bytes
->Temporary Internet Files folder emptied: 8134981 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 70692611 bytes
->Flash cache emptied: 8450 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52064 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 59176 bytes

Total Files Cleaned = 76,00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.3 log created on 05162012_225911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Now I'm going to proceed to Step 2: Online Virus Total file scan.

Thanks, as always!
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 16th, 2012, 5:23 pm

Here I am again with the results from TotalVirus.

The link to the scan of C:\Program Files\Uniblue\RegistryBooster\Launcher.exe is: https://www.virustotal.com/file/5e68e7b ... 337202856/

The link to the scan of C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe is: https://www.virustotal.com/file/65336c7 ... 337203111/

Ok, let me know what the next steps are. It's late here so, good night! :salute:

Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 16th, 2012, 11:17 pm

Hello ssantola,

Your latest set of logs appear to be clean! :cheers:
This is my general post for when your logs show no more signs of malware.
Before I give you instructions how to keep your computer clean and secure, you need to make a few additional steps

Your Adobe Reade and Java are out of date.

Step 1.
Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    Adobe Reader 9.5.1
    Java Auto Updater
    Java(TM) 6 Update 31
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot you computer.

Step 2.
Latest Java Installation Needed!

Attention: Print these instructions or copy them. You will be closing your browser!!

DOWNLOAD LATEST VERSION
  1. Get the latest version (7u4) of Java Runtime Environment (JRE)... © Sun Microsystems, Inc.
  2. Click the "Download JRE" button to the right.
  3. Check "Accept License Agreement "
  4. Locate the entry for Windows x86 Offline (32 bit), click on the associated file name, and save the file to your Desktop.

INSTALL Java
  1. Close all open applications (standard), especially your browser.
  2. From Desktop please right-click on jre-7u4-windows-i586.exe select "Run As Administrator..." to
    install the newest version.
  3. Follow the on-screen directions. When installation is completed successfully, please reboot your computer normally.
  4. Once the computer has been restarted, you can delete the "downloaded" installation file from your desktop.

OPTIONAL:
To prevent some unnecessary JAVA components from running when you boot your computer each time...
  1. Go to Control Panel and click on the JAVA icon.
  2. Press the Update tab and UNCHECK "Check for Updates Automatically". (You can check for updates manually.)
      Reply "Never Check" to the warning prompt.
  3. Now press the Advanced tab. Press the [+] to expand the "Miscellaneous" options.
  4. UNCHECK "Java Quick Starter".
  5. Press Apply and OK, then close the Java Control Panel and exit Control Panel.

Step 3.
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files - you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow Download now button. If you don't already have Adobe DLM... you may receive a prompt.
    Adobe DLM software removal instructions available here, if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete, please Close and re-open your Internet browser.

Adobe Reader X - recommended (safety) program settings
When the program is open, click on Edit and select Preferences. In the categories below, use these settings:
  • Javascript - Uncheck Enable Acrobat Javascript.
  • Security (Enhanced) - Uncheck Automatically trust sites from my Win OS security zones.
  • Secure Trust Manager- Uncheck Allow opening of non-PDF file attachments with external applications.

Step 4.
OTL - Run Fix Script
You should still have OTL on your desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Copy and Paste the following code into the Image
    text box. Do not include the word Code
    Code: Select all
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    

  3. Click under the Custom Scan/Fixes box and paste the copied text.
  4. Click the Run Fix button. If prompted... click OK.
  5. OTL may ask to reboot the machine. Please do so if asked.

Step 5.
OTL-Cleanup
  1. Right click on OTL.exe select "Run As Administrator..." to run it. If prompted by UAC, please allow it.
  2. Press the CleanUp button.
  3. When done, you will be prompted to reboot your system to finish file removal, please select OK to reboot your computer.


Then please don't forget to enable all your defense software!

Finally, please click HERE to find a short guide to staying safer online.

Please don't hesitate to ask any additional questions.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 17th, 2012, 2:39 am

Good morning pgmigg,

Yes, it does seem to be clean now as I did a couple of Google searches and I didn't get redirected like before. But, I still can't activate Windows Security System (I still have the little flag with a red X on it at the bottom of my screen) and I'm still getting the same error message from Avira AntiVir Personal when I start up reading, "An error of unknown software exception has occured (0x0000417) in the application at position 0x73387256. Click on OK to end the application."

I haven't done the latest steps you sent me--should I or should we try to fix these other problems first?

Thanks!
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 17th, 2012, 3:00 am

Nevermind pgmigg! After I wrote you the previous post, I went into Avira and saw that there were 3 files (from Feb and mar) in quarantine. I deleted them and ran some updates. Then I went into Services and this time, when I tried to activate Windows Security, it took! I rebooted and I didn't get the error message anymore nor did the little flag with the red X appear! Obviously whatever malware you helped me get rid of was blocking these things.

I'll do the last steps you sent me now and get back to you for a final THANKS!

Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 17th, 2012, 4:00 am

Hi again pgmigg,

Ok, I've just completed all of the latest steps you sent me. I wasn't able to do the optional things for Java because when I click on it, it tells me the application can't be found. (I deleted the downloaded version, is that why?) But everything else went smoothly and my computer is running really well!

Can I delete all the logs which resulted from the various steps? Should I keep OTL and HiJackThis? There was one thing you told me to keep--I'll look back through the posts to find that.

Now I'm going to go to the link you sent me to stay safer online so this doesn't happen again--what a mess!

Thanks again for everything!!!!
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 17th, 2012, 10:46 am

Hello Sheila! :)
Nevermind pgmigg! After I wrote you the previous post, I went into Avira and saw that there were 3 files (from Feb and mar) in quarantine. I deleted them and ran some updates. Then I went into Services and this time, when I tried to activate Windows Security, it took! I rebooted and I didn't get the error message anymore nor did the little flag with the red X appear! Obviously whatever malware you helped me get rid of was blocking these things.
You made great job and it was absolutely right decision - very well! Every application you use should be up to date... :D
Can I delete all the logs which resulted from the various steps?
Sure, you can delete whatever you would like - all that logs were important during the process of cleaning but not now...
Should I keep OTL and HiJackThis?
Please tell me, did you run the Step 5. OTL-Cleanup from my previous post?
It looks like you skipped it somehow. The OTL-Cleanup removes itself as well as a number of other tools including directories and other stuff.
So, if you did not do it yet, please run.

Apropos of our talk, you can easily uninstall HiJackThis by the following step, especially in a case that HiJackThis is not so good with Windows 7 as DDS scanner.:

Remove Program(s)
  1. Click on Start, then click the Start Search box on the Start Menu.
  2. Copy and paste the value below without the word Code: into the open text entry box:
    Code: Select all
     appwiz.cpl 
    and press Enter - the Unistall or change a program list will be opened.
  3. Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:
    HiJackThis
  4. Take extra care in answering questions posed by any Uninstaller.
  5. When the program(s) have been uninstalled, please close Control Panel.
  6. Reboot you computer.

Stay Safe! ;)
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby ssantola » May 18th, 2012, 6:53 am

Hi pgmigg,

Yes, I did run Step 5, OTL Cleanup, and, in fact, it did remove a bunch of the things that had been created throughout the process. There were only a few things left over, like the MBR stuff and some other files I'd changed the name of (I didn't know if I needed a before and after of a text file), but I've just dumped them so I'm all good! Just now I also uninstalled HiJack This too.

Thanks again for your wonderful help and advice!

Have a great weekend!
Sheila
ssantola
Regular Member
 
Posts: 16
Joined: May 10th, 2012, 5:29 am

Re: Suspected malware disables Windows Security & site redir

Unread postby pgmigg » May 18th, 2012, 10:39 am

Thank you, Sheila!

You are very welcome! :D

Stay Safe! ;)
pgmigg
User avatar
pgmigg
Admin/Teacher
Admin/Teacher
 
Posts: 5457
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: Suspected malware disables Windows Security & site redir

Unread postby Cypher » May 18th, 2012, 10:53 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 128 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware