Stratusphere
Posts: 10
Posts posted by Stratusphere
-
I didn't follow the procedure for solving the other problem (the one regarding the SSL problem), but the message isn't coming out anymore, so that's one good point. My system looks good; it was never slowed down too much these days. Everything seems fine, it just worries me that every time I install a new antivirus program (like in the steps you told me to follow) new infections keep popping out. Is that normal?
-
Plus, I don't know why, but when I went on the "Status" tab now it would show "Threats have been detected", so I clicked "Details" and now the only threat it shows me in the report is the one about c:\Windows\assembly\GAC_64\Desktop.ini, like the other two disappeared.
Should I click "Disinfect all"?
-
Wow, it was quite a drag to get everything to work out. Yesterday evening my PC told me it needed "14 hours to complete", so I thought I'd leave it on during the night, but well, every time it found a threat it would pop up a message asking me if I wanted to delete the object or take other actions. I chose delete for all of them, and followed the "special disinfection automatic procedure" that led to a reboot after it was completed. So basically the scan was suspended for a while and I turned the PC on this morning to complete it.
Here are the detected threats:
Status: Deleted (events: 3)
03/07/2012 22:55:03 Deleted Trojan program Backdoor.Win32.ZAccess.oun C:\Windows\assembly\GAC_32\Desktop.ini High
04/07/2012 09:00:15 Deleted Trojan program Backdoor.Win64.ZAccess.bs c:\Windows\assembly\GAC_64\Desktop.ini High
04/07/2012 09:55:26 Deleted Trojan program Backdoor.Win32.ZAccess.mbs C:\_OTL\MovedFiles\07022012_162952\C_Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\000000cb.@ High
-
It's weird: it deleted the 6 files it found, but all I got was a tiny (useless, I think) log:
log.txt:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
-
Should I check "Uninstall application on close" and "Delete quarantined files" before I click "Finish"?
-
Here is the combofix.txt:
ComboFix 12-07-02.01 - Salvatore 02/07/2012 18:05:20.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.4091.2866 [GMT 2:00]
Run from: c:\users\Salvatore\Downloads\ComboFix.exe
AV: McAfee Antivirus e Antispyware *Enabled/Outdated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Antivirus e Antispyware *Enabled/Outdated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Other deletes )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\FullRemove.exe
c:\windows\WindowsUpdate.log . . . . Eliminazione Fallita
.
Infect copy of c:\windows\system32\Services.exe has been found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Creati Da 2012-06-02 al 2012-07-02 )))))))))))))))))))))))))))))))))))
.
.
2012-07-02 16:18 . 2012-07-02 16:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-02 14:29 . 2012-07-02 14:29 -------- d-----w- C:\_OTL
2012-07-01 00:29 . 2012-07-01 16:02 -------- d-----w- C:\sh4ldr
2012-07-01 00:29 . 2012-07-01 00:29 -------- d-----w- c:\program files\Enigma Software Group
2012-07-01 00:28 . 2012-07-01 00:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-07-01 00:22 . 2012-07-01 00:22 -------- d-----w- c:\users\Salvatore\AppData\Roaming\Malwarebytes
2012-07-01 00:22 . 2012-07-01 00:22 -------- d-----w- c:\programdata\Malwarebytes
2012-07-01 00:22 . 2012-07-01 00:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-01 00:22 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-29 12:27 . 2012-02-23 15:11 28504 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-06-29 12:27 . 2012-02-23 15:23 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-29 12:25 . 2012-07-02 14:27 -------- d-----w- c:\programdata\AVAST Software
2012-06-29 12:25 . 2012-06-29 12:25 -------- d-----w- c:\program files\AVAST Software
2012-06-29 11:26 . 2012-06-29 11:26 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-06-28 10:51 . 2012-06-28 22:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-28 10:51 . 2012-06-28 22:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-27 12:50 . 2012-06-27 12:50 -------- d-----w- c:\program files (x86)\SDA
2012-06-27 12:49 . 2012-06-27 12:49 -------- d-----w- c:\users\Salvatore\AppData\Local\Downloaded Installations
2012-06-27 11:38 . 2012-06-27 11:38 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 11:38 . 2012-06-27 11:38 -------- d-----w- c:\windows\system32\Macromed
2012-06-25 15:36 . 2012-06-25 15:36 -------- d-----w- C:\found.000
2012-06-19 07:21 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 07:21 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 07:21 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 07:21 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 07:20 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 07:20 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 07:20 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 07:20 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 07:20 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 06:05 . 2012-05-18 02:02 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 11:38 . 2011-07-22 08:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xpadder"="c:\users\Salvatore\Downloads\eMule AdunanzA\Incoming\Xpadder 5.3 Win 7\Xpadder 5.3 Win 7\Xpadder.exe" [2009-01-13 932352]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-14 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
"SwitchBoard"=c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 0264401328647758mcinstcleanup;McAfee Application Installer Cleanup (0264401328647758);c:\windows\TEMP\026440~1.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 135664]
R3 atillk64;atillk64;c:\program files (x86)\AMD GPU Clock Tool\atillk64.sys [x]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 135664]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys [2011-11-14 116504]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 WatAdminSvc;Servizio Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-15 1255736]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
S1 aswKbd;aswKbd; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-07-07 203264]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McMPFSvc;McAfee Servizio Personal Firewall;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-05-25 255744]
S2 WeGameClientService;WeGame Client Service;c:\program files (x86)\WeGame\WGClientService.exe [2011-07-28 18472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-07-07 7195648]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-07-07 265728]
S3 AmdTools64;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools64.sys [2008-04-28 47160]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-14 384040]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-21 38456]
.
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contenuto della cartella 'Scheduled Tasks'
.
2012-07-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001Core.job
- c:\users\Salvatore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 20:34]
.
2012-07-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001UA.job
- c:\users\Salvatore\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-13 20:34]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 13:24]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 13:24]
.
2012-07-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001Core.job
- c:\users\Salvatore\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 13:23]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001UA.job
- c:\users\Salvatore\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-13 13:23]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Scansione supplementare -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: tellmemorecampus.com\www6
Trusted Zone: tellmemorecampus.com\www6
TCP: DhcpNameServer = 62.101.93.101 83.103.25.250
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AuralogComponentsUninstall9.exe - c:\windows\system32\\Auralog\tmm\Uninstall\AuralogComponentsUninstall9.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_USERS\S-1-5-21-717413042-2411848176-2783751854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-717413042-2411848176-2783751854-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2012-07-02 19:46:56 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2012-07-02 17:46
.
Pre-Run: 138.263.691.264 byte disponibili
Post-Run: 138.660.388.864 byte disponibili
.
- - End Of File - - 94F78F7D5313F677696AA9B5B3F40649
Note: ComboFix downloaded and installed in my language, Italian, and I was not able to find a way to change it so that the report could be in English and easy to understand. I translated a few things but then stopped because I think you experts know how to figure the log out anyway. If you need some words to be translated, don't hesitate to ask. Sorry again and thanks for your help!
-
I followed the whole procedure; here are the scans:
1) OTL:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09630A35-54CC-4D4D-91AA-51A4EDE27669}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09630A35-54CC-4D4D-91AA-51A4EDE27669}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
File C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\00000008.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\80000064.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\80000000.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\L\00000004.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\00000004.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\000000cb.@ moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\@ moved successfully.
C:\Users\Salvatore\AppData\Local\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\@ moved successfully.
C:\Users\Salvatore\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.
C:\Users\Salvatore\AppData\Roaming\uTorrent\apps folder moved successfully.
C:\Users\Salvatore\AppData\Roaming\uTorrent folder moved successfully.
========== FILES ==========
C:\Users\Salvatore\AppData\Local\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U folder moved successfully.
C:\Users\Salvatore\AppData\Local\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\L folder moved successfully.
C:\Users\Salvatore\AppData\Local\{0167acfe-cd1f-1ccf-b785-cfeffef0c232} folder moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U folder moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\L folder moved successfully.
Folder move failed. C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232} scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Salvatore\Desktop\cmd.bat deleted successfully.
C:\Users\Salvatore\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Salvatore
->Temp folder emptied: 59663715 bytes
->Temporary Internet Files folder emptied: 200386723 bytes
->Java cache emptied: 117648 bytes
->Google Chrome cache emptied: 54265814 bytes
->Flash cache emptied: 1669 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1523615 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 301518370 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 589,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.1 log created on 07022012_162952
Files\Folders moved on Reboot...
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U folder moved successfully.
C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232} folder moved successfully.
C:\Users\Salvatore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232} not found!
File C:\Users\Salvatore\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/02 16:34:33 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5
Registry entries deleted on Reboot...
2) Malwarebytes (It did not find anything, so it didn't ask me to reboot or anything):
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.07.02.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Salvatore :: SALVATORE-PC [administrator]
Protection: Enabled
02/07/2012 16:47:29
mbam-log-2012-07-02 (16-47-29).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206827
Time elapsed: 2 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
3) aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-02 16:51:42
-----------------------------
16:51:42.390 OS Version: Windows x64 6.1.7600
16:51:42.390 Number of processors: 3 586 0x503
16:51:42.405 ComputerName: SALVATORE-PC UserName: Salvatore
16:51:46.005 Initialize success
16:54:23.839 AVAST engine defs: 12070201
16:55:57.788 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:55:57.788 Disk 0 Vendor: WDC_WD3200BEVT-22A23T0 01.01A01 Size: 305245MB BusType: 11
16:55:57.819 Disk 0 MBR read successfully
16:55:57.819 Disk 0 MBR scan
16:55:57.835 Disk 0 Windows 7 default MBR code
16:55:57.835 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 14336 MB offset 2048
16:55:57.866 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 106 MB offset 29362176
16:55:57.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 290795 MB offset 29591730
16:55:57.928 Disk 0 scanning C:\Windows\system32\drivers
16:56:11.220 Service scanning
16:56:57.008 Modules scanning
16:56:57.024 Disk 0 trace - called modules:
16:56:57.039 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:56:57.570 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800468c790]
16:56:57.570 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004610060]
16:56:59.161 AVAST engine scan C:\Windows
16:57:02.281 AVAST engine scan C:\Windows\system32
16:59:13.961 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:59:16.909 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
17:02:53.197 AVAST engine scan C:\Windows\system32\drivers
17:03:12.151 AVAST engine scan C:\Users\Salvatore
17:16:53.883 AVAST engine scan C:\ProgramData
17:20:48.991 Scan finished successfully
17:22:08.490 Disk 0 MBR has been saved successfully to "C:\Users\Salvatore\Desktop\MBR.dat"
17:22:08.506 The log file has been saved successfully to "C:\Users\Salvatore\Desktop\aswMBR.txt"
-
Here is the OTL.txt report. The Extras.txt report won't pop up, nor is it created in the folder where OTL.exe is.
OTL.txt:
OTL logfile created on: 02/07/2012 15:53:34 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Salvatore\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
4,00 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 67,76% Memory free
7,99 Gb Paging File | 6,31 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283,98 Gb Total Space | 128,59 Gb Free Space | 45,28% Space Free | Partition Type: NTFS
Drive D: | 4,29 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: SALVATORE-PC | User Name: Salvatore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/02 15:52:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Salvatore\Desktop\OTL.exe
PRC - [2012/06/27 13:38:28 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/02/23 17:23:24 | 004,031,368 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastUI.exe
PRC - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/07/28 10:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) -- C:\Program Files (x86)\WeGame\WGClientService.exe
PRC - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/05/25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
PRC - [2009/01/13 09:19:34 | 000,932,352 | ---- | M] () -- C:\Users\Salvatore\Downloads\eMule AdunanzA\Incoming\Xpadder 5.3 Win 7\Xpadder 5.3 Win 7\Xpadder.exe
========== Modules (No Company Name) ==========
MOD - [2009/07/14 03:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2009/01/13 09:19:34 | 000,932,352 | ---- | M] () -- C:\Users\Salvatore\Downloads\eMule AdunanzA\Incoming\Xpadder 5.3 Win 7\Xpadder 5.3 Win 7\Xpadder.exe
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/07/07 03:50:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/23 17:23:21 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programmi\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/01/10 05:56:54 | 000,827,456 | ---- | M] () [Auto | Stopped] -- C:\Windows\Temp\0264401328647758mcinst.exe -- (0264401328647758mcinstcleanup) McAfee Application Installer Cleanup (0264401328647758)
SRV - [2011/11/25 17:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/07/28 10:52:06 | 000,018,472 | ---- | M] (WeGame.com, Inc.) [Auto | Running] -- C:\Program Files (x86)\WeGame\WGClientService.exe -- (WeGameClientService)
SRV - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programmi\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2011/03/28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programmi\mcafee\virusscan\mcods.exe -- (McODS)
SRV - [2010/07/14 12:34:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/22 08:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/11 14:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/06/02 00:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/25 02:21:50 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 17:12:43 | 000,817,496 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/02/23 17:12:42 | 000,335,704 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/02/23 17:11:26 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012/02/23 17:11:04 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/02/23 17:10:43 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/02/23 17:10:38 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/02/23 17:10:19 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/12/29 01:57:26 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/11/14 10:26:54 | 000,116,504 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SIVX64.sys -- (SIVDriver)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/09 05:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/07/07 04:30:08 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 03:15:42 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 11:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/05/14 23:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink
DRV:64bit: - [2010/05/11 12:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/20 04:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2010/04/07 22:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/09 16:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/12/21 09:56:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/12/10 13:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/04/28 13:03:46 | 000,047,160 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdTools64.sys -- (AmdTools64)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5552g&r=273605119835l0484z165v4822100r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5552g&r=273605119835l0484z165v4822100r
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5552g&r=273605119835l0484z165v4822100r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0085DB85-6F7C-4AD5-802B-18A84AFCD747}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{09630A35-54CC-4D4D-91AA-51A4EDE27669}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=bde9d979-e22a-11e0-a74c-805c026f4e29&q={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&m=aspire_5552g&r=273605119835l0484z165v4822100r
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes\{0085DB85-6F7C-4AD5-802B-18A84AFCD747}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT431
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes\{09630A35-54CC-4D4D-91AA-51A4EDE27669}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT431
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_itIT431
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Salvatore\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Salvatore\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Salvatore\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/24 01:39:53 | 000,000,000 | ---D | M]
[2011/05/19 12:31:44 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Salvatore\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Salvatore\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Salvatore\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Salvatore\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1407_0\
CHR - Extension: vshare plugin = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Gmail = C:\Users\Salvatore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programmi\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programmi\Common Files\mcafee\systemcore\ScriptSn.20110605204915.dll (McAfee, Inc.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programmi\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110605204915.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programmi\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programmi\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programmi\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-717413042-2411848176-2783751854-1001..\Run: [EPSON SX210 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFDE.EXE /FU "C:\Users\SALVAT~1\AppData\Local\Temp\E_S862F.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-717413042-2411848176-2783751854-1001..\Run: [Xpadder] C:\Users\Salvatore\Downloads\eMule AdunanzA\Incoming\Xpadder 5.3 Win 7\Xpadder 5.3 Win 7\Xpadder.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: tellmemorecampus.com ([www6] http in Trusted sites)
O15 - HKU\S-1-5-21-717413042-2411848176-2783751854-1001\..Trusted Domains: tellmemorecampus.com ([www6] http in Siti attendibili)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.101.93.101 83.103.25.250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B3F7A6A-8F0F-43D2-8DA5-EF721D203781}: DhcpNameServer = 62.101.93.101 83.103.25.250
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/02 15:52:57 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Salvatore\Desktop\OTL.exe
[2012/07/02 14:12:12 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Salvatore\Desktop\dds.scr
[2012/07/02 11:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/07/02 11:28:25 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{69BEBF02-1A45-4334-93D1-E1EF8679F401}
[2012/07/02 11:28:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{6CD0E7AB-61C9-49D9-B131-D01766B9F73C}
[2012/07/01 18:01:43 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{A21FE333-160A-4FBB-A867-2199440D7529}
[2012/07/01 18:01:39 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{86901CE0-6F17-4E1A-8E87-468885A189DF}
[2012/07/01 02:29:45 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/07/01 02:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/07/01 02:28:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/07/01 02:22:27 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Roaming\Malwarebytes
[2012/07/01 02:22:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/01 02:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/01 02:22:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/01 02:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/30 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{3CE0AF16-53A6-4421-8326-24B9C38327F8}
[2012/06/30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{26F9E601-22C3-43D4-BE00-1BBF344D448A}
[2012/06/30 03:04:02 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{69C61789-17F3-4A83-8D24-894894B5406E}
[2012/06/30 03:03:49 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{4FAE04F9-10DE-4FC2-A136-77EE49C367EF}
[2012/06/29 14:38:12 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{0CF4E2A3-8098-46EF-8050-A47AC09E8169}
[2012/06/29 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E57F0796-2E77-4658-B576-79F4D0B1E7AC}
[2012/06/29 14:27:34 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/29 14:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2012/06/29 14:27:32 | 000,335,704 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/29 14:27:29 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/06/29 14:27:28 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/29 14:27:27 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2012/06/29 14:27:26 | 000,817,496 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/06/29 14:27:24 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/29 14:27:23 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/29 14:26:06 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/29 14:26:01 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/29 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/29 14:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/29 14:22:15 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\Desktop\Avast Pro Antivirus v7.0.1407+Key.ByCilindrico74
[2012/06/29 13:26:30 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/29 01:00:47 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{D16475D1-5BA2-4302-986C-1C956E9A9E4D}
[2012/06/28 12:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/28 12:51:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/28 08:56:49 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{25000776-C3C4-4948-B858-E116E27428CB}
[2012/06/28 08:56:34 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{7CE811E5-1988-4732-B59A-B238A10284C1}
[2012/06/27 17:47:47 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{A22D8AF0-A5E0-40EF-9DC4-426FC27EEE65}
[2012/06/27 17:47:35 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{EE36F28B-673E-4C39-9837-DE38AB84F954}
[2012/06/27 14:55:11 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\Desktop\andboot
[2012/06/27 14:50:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2012/06/27 14:50:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2012/06/27 14:49:13 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\Downloaded Installations
[2012/06/27 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\Desktop\android
[2012/06/27 13:40:31 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\Desktop\cell
[2012/06/27 13:38:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/27 13:34:44 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\Desktop\DCIM
[2012/06/27 01:56:14 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{972FAB4D-0AC1-49C9-A1DE-725D16615FAC}
[2012/06/27 01:56:02 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{B1015369-E5CC-4803-BEA3-E1A8ECF3C554}
[2012/06/26 21:53:12 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{C10BCEAD-9990-4FBA-8453-A03620BBD1EB}
[2012/06/26 21:53:00 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{8192C617-737D-4168-A462-C1A4983D4FAB}
[2012/06/26 19:05:41 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{3DB0A89D-7FD3-43BE-8E2D-6415AFB7B446}
[2012/06/26 16:37:28 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{C46E777C-4272-477A-A34A-45EAEEB21446}
[2012/06/25 23:41:45 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{298150BF-362F-40AF-81EF-332B05EC64A8}
[2012/06/25 23:41:32 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{99F3EA0C-50FC-4B80-85A9-F6D99F2B3A4E}
[2012/06/25 22:01:27 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{19CF53B6-4366-4E89-AA9E-4599E57336EE}
[2012/06/25 22:01:13 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{5AFE4922-869B-4B7D-8C79-332999E2AD7E}
[2012/06/25 17:36:36 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/06/25 08:44:38 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E9E8DBCD-6E2A-4EEA-A066-2624B4771D52}
[2012/06/25 08:44:19 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{C27CEB0A-C8CF-40C5-8753-6DAD9BFFB3E7}
[2012/06/24 02:59:41 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{133886F7-9497-42F9-BAC8-95773ACDA416}
[2012/06/24 02:59:27 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{4D7D31C0-DCC5-420F-9D43-8CC8E8423F45}
[2012/06/23 09:17:28 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{7A32C071-E41A-47BD-822A-DC1BC58F49BB}
[2012/06/23 09:17:13 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{44A87317-1ED7-465B-958A-E91E36212954}
[2012/06/22 22:59:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E7E8EFB5-7FAF-4C27-8F9A-82AEA8F6B480}
[2012/06/22 09:02:27 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{DAE870C4-1291-4404-8583-99EE54CFBC28}
[2012/06/22 09:02:07 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{A3B529C2-7F76-4212-9507-2F10A3476ADA}
[2012/06/21 08:32:17 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{C334FFAD-4E8A-4EC6-840E-99EED6FA1851}
[2012/06/21 08:32:01 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{07B83445-402B-4A52-8543-5A2325B6CFD1}
[2012/06/21 00:53:45 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{3B8A8CC1-5808-43CC-B108-9D692BB8D10F}
[2012/06/19 22:43:53 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{397505D4-6632-42FF-8353-5EBC90765500}
[2012/06/19 22:43:40 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{A12E73A5-BA3E-43B0-8366-81A619987385}
[2012/06/19 09:19:23 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{1C7A7E89-F4A2-4D03-A13A-862E7A333EC5}
[2012/06/19 09:19:06 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{4D74BFDB-3DB6-4A69-A810-DF13EA15F0B9}
[2012/06/18 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{249375B4-25E5-4952-A9ED-B6C3A7DE92D3}
[2012/06/17 11:56:41 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{38E7902D-EFAF-4EF8-B748-B220F1BAAC8E}
[2012/06/16 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{578930D0-EC67-4676-8B00-A1C2F74690E2}
[2012/06/16 09:01:44 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{95BC4ADF-8FEE-45F9-9462-D4CA02575532}
[2012/06/15 15:59:58 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{F30082A5-B358-449F-B62B-66F37706EFBE}
[2012/06/14 21:37:49 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{24AA4A99-2EFB-49C8-9C93-3AB21C7DFB36}
[2012/06/14 21:37:37 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{F8178E2C-91BC-4AE1-9E4D-819198F3DCB7}
[2012/06/14 08:02:11 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{1325B857-CD17-40D4-9C8D-CE210039DF9A}
[2012/06/14 08:01:56 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{4DF13699-DC65-4B3B-A853-C15E62304A2C}
[2012/06/13 18:51:03 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{8691A548-717B-40A3-826C-C3BB6826D888}
[2012/06/13 18:50:50 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E9C8F107-6D29-42A6-A8D1-391AB449F5B3}
[2012/06/13 16:26:07 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{7560487E-A7E0-4C33-8C9E-E75996BD915C}
[2012/06/12 22:26:58 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{1A53919F-BAD6-4272-BAEB-FC43CEB26F5F}
[2012/06/12 22:26:45 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{6F15A42A-9FC7-44BA-BBFC-04096E3039E8}
[2012/06/12 21:27:58 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{D442E8EA-BDB4-46D3-BEB2-721304F455EF}
[2012/06/12 21:00:51 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{FF0B9443-0B1D-4C64-B084-6F31952A0017}
[2012/06/12 08:07:44 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E93A1667-B7A7-45AB-9165-DD4436B9257A}
[2012/06/12 08:07:30 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{0E68864A-1981-456F-AF8C-4DD98769B061}
[2012/06/11 15:40:09 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{B05BDBA8-C203-4A0F-ACF6-B5551F079070}
[2012/06/11 15:39:56 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E99FC8F9-270B-460B-82A4-8CE16C6B9162}
[2012/06/10 21:57:43 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E4CC35D4-4A95-4CE0-9FBA-FC429263A409}
[2012/06/10 21:57:30 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{65476EF1-E5F7-48E2-9A3A-1BACB140E1DC}
[2012/06/10 08:35:51 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{B858074B-F9C2-436A-97A1-7731260C446D}
[2012/06/10 08:35:38 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{53D425DA-D66C-48A2-8AF3-DDF4CEC89AAE}
[2012/06/09 18:39:49 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{1B43B4E4-63CD-4A2F-82D7-5939608E4214}
[2012/06/09 18:39:36 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{5DA1E1AE-93E3-410F-9D88-F32E06BFB9DA}
[2012/06/08 22:42:23 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{477584EB-AF39-4A49-8E3C-44E6A66EDFF1}
[2012/06/08 22:42:11 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{F66AD741-E3C5-4131-9407-AB6ECDA7CB5D}
[2012/06/07 21:09:55 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{27587DDC-92EB-43BB-BF45-4D2A50A83BE4}
[2012/06/07 21:09:16 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{12AD59D2-ABB1-4D18-99BA-39641751F6DD}
[2012/06/07 08:30:43 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{2997D1D1-B48F-493C-8ECE-59487252258A}
[2012/06/07 08:30:28 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{317E9133-DBC4-4457-8576-3B59CF42138F}
[2012/06/06 18:59:35 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{5742D09B-8DF4-46B4-AE80-3EBF72FA1D96}
[2012/06/06 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{1C5BFAD4-39EA-4FF3-8851-EDD342F21BBF}
[2012/06/06 07:44:34 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{96BDB843-1543-44C1-A009-436FA9EF1074}
[2012/06/06 07:44:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{C073EF1C-7F63-42CB-8308-00F7ED3FFB78}
[2012/06/05 20:55:13 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{937E6399-C815-4923-ADE2-B6D145525F16}
[2012/06/05 20:55:00 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{6D51A156-E846-499A-820E-60365B436BD6}
[2012/06/05 08:13:39 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E79B9B71-82D0-4930-ABBF-C19915435DF9}
[2012/06/05 08:13:23 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{67EC8E1B-5489-4422-BCF1-0A5466D92CAA}
[2012/06/04 08:16:37 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{B4F01D7C-0A69-4225-8671-7199650BA706}
[2012/06/04 08:16:19 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{29AEDE66-2081-4D9C-A4D3-F2D8C1F4C708}
[2012/06/03 22:39:48 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{B55EEA4F-8073-4CA1-AD4D-3C7A5BEB3346}
[2012/06/03 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{E1B4CE9C-D255-40B0-97E7-1B63A75FCB18}
[2012/06/03 09:42:06 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{26D451CC-74E9-46DA-9BFF-D8DB5E438D46}
[2012/06/02 21:41:33 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{4163136D-E781-4442-8659-9A55178196FF}
[2012/06/02 21:41:21 | 000,000,000 | ---D | C] -- C:\Users\Salvatore\AppData\Local\{234D0B5D-D951-4E3B-BFFA-E0B9913F74A0}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Salvatore\Desktop\*.tmp files -> C:\Users\Salvatore\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/07/02 16:06:02 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/02 15:52:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Salvatore\Desktop\OTL.exe
[2012/07/02 15:50:52 | 000,001,176 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001UA.job
[2012/07/02 15:49:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/02 15:06:01 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/02 14:12:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Salvatore\Desktop\dds.scr
[2012/07/02 13:39:04 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001UA.job
[2012/07/02 12:48:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 12:48:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/02 11:50:41 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/02 01:05:48 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001Core.job
[2012/07/02 01:05:19 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001Core.job
[2012/07/01 02:22:16 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/01 01:57:11 | 000,000,142 | ---- | M] () -- C:\Windows\wininit.ini
[2012/07/01 00:27:30 | 000,002,425 | ---- | M] () -- C:\Users\Salvatore\Desktop\Google Chrome.lnk
[2012/06/29 14:27:34 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 14:27:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/27 15:56:58 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 15:56:58 | 000,698,804 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2012/06/27 15:56:58 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 15:56:58 | 000,127,998 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2012/06/27 15:56:58 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 14:50:47 | 000,002,090 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2012/06/26 11:15:34 | 000,822,022 | ---- | M] () -- C:\Users\Salvatore\Desktop\img005.jpg
[2012/06/21 09:22:16 | 000,057,687 | ---- | M] () -- C:\Users\Salvatore\Desktop\maturita_scientifico_2.jpg
[2012/06/21 04:21:52 | 000,787,618 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 4 parte 2.JPG
[2012/06/21 04:21:44 | 000,789,645 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 4 parte 1.JPG
[2012/06/21 04:05:56 | 000,579,853 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 2.JPG
[2012/06/21 03:55:34 | 000,817,119 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 3.JPG
[2012/06/21 03:50:30 | 000,624,463 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 7.JPG
[2012/06/21 03:35:56 | 000,849,441 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 1.JPG
[2012/06/21 03:35:18 | 000,850,971 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 6.JPG
[2012/06/21 03:35:08 | 000,781,810 | ---- | M] () -- C:\Users\Salvatore\Desktop\Quesito 8.JPG
[2012/06/14 17:14:40 | 004,973,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 02:42:20 | 000,887,053 | ---- | M] () -- C:\Users\Salvatore\Desktop\IMG_2463.JPG
[2012/06/11 02:42:06 | 000,993,701 | ---- | M] () -- C:\Users\Salvatore\Desktop\IMG_2462.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Salvatore\Desktop\*.tmp files -> C:\Users\Salvatore\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/07/02 12:44:03 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\00000008.@
[2012/07/01 10:50:39 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\80000064.@
[2012/07/01 02:22:16 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/29 14:27:34 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2012/06/29 14:27:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/28 13:29:19 | 000,000,142 | ---- | C] () -- C:\Windows\wininit.ini
[2012/06/27 14:50:47 | 000,002,090 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2012/06/27 12:15:11 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\80000000.@
[2012/06/27 12:15:10 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\L\00000004.@
[2012/06/27 12:15:07 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\00000004.@
[2012/06/27 12:15:07 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\U\000000cb.@
[2012/06/27 11:47:15 | 000,822,022 | ---- | C] () -- C:\Users\Salvatore\Desktop\img005.jpg
[2012/06/21 11:19:46 | 000,789,645 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 4 parte 1.JPG
[2012/06/21 11:19:46 | 000,787,618 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 4 parte 2.JPG
[2012/06/21 11:04:06 | 000,579,853 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 2.JPG
[2012/06/21 10:53:25 | 000,817,119 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 3.JPG
[2012/06/21 10:48:49 | 000,624,463 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 7.JPG
[2012/06/21 10:35:00 | 000,850,971 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 6.JPG
[2012/06/21 10:35:00 | 000,849,441 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 1.JPG
[2012/06/21 10:35:00 | 000,781,810 | ---- | C] () -- C:\Users\Salvatore\Desktop\Quesito 8.JPG
[2012/06/21 09:22:35 | 000,057,687 | ---- | C] () -- C:\Users\Salvatore\Desktop\maturita_scientifico_2.jpg
[2012/06/11 09:40:38 | 000,993,701 | ---- | C] () -- C:\Users\Salvatore\Desktop\IMG_2462.JPG
[2012/06/11 09:40:38 | 000,887,053 | ---- | C] () -- C:\Users\Salvatore\Desktop\IMG_2463.JPG
[2012/05/24 20:29:07 | 000,001,098 | ---- | C] () -- C:\Users\Salvatore\Download - collegamento.lnk
[2012/05/14 17:41:06 | 007,277,568 | ---- | C] () -- C:\Windows\SysWow64\iPodmedia.dll
[2012/01/10 20:54:20 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\@
[2012/01/10 20:54:20 | 000,002,048 | -HS- | C] () -- C:\Users\Salvatore\AppData\Local\{0167acfe-cd1f-1ccf-b785-cfeffef0c232}\@
[2011/10/08 11:09:58 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/10 14:50:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/07/14 12:20:19 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
========== LOP Check ==========
[2011/10/23 00:17:52 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\2K Sports
[2012/02/13 20:42:39 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\Audacity
[2011/05/19 10:38:07 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\eMule AdunanzA
[2011/05/20 14:53:04 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\GHISLER
[2011/11/06 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\Sports Interactive
[2012/01/16 23:35:02 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/01/03 23:27:54 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\TuneUp Software
[2012/06/19 10:20:50 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\uTorrent
[2011/06/22 09:59:00 | 000,000,000 | ---D | M] -- C:\Users\Salvatore\AppData\Roaming\Windows Live Writer
[2012/07/02 01:05:19 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001Core.job
[2012/07/02 13:39:04 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-717413042-2411848176-2783751854-1001UA.job
[2012/06/22 08:58:18 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
-
Hello to all the community, this is my first post, as I saw that the experts over here are really concerned and prepared to help people solve their virus problems.
I've been experiencing infections for a couple of days now. It all started one day when I tried to go on google or gmail as usual and a weird message appeared saying "SSL Certificate has been signed using weak hashing algorithm", which sounded weird because those sites are really protected and up to date with their certificates every time. I thought it was a rootkit problem in the first place, or some sort of malware trying to modify and access my registry. In the following days this problem apparently went away, coming and going every once in a while. All my antivirus programs would not show any results, but after a while I had a message from Avast saying I had a "Trojan Atraps-PF". Those messages kept popping up every 10 minutes and Avast told me it had removed it, but it kept coming back until I turned my pc off. The following day everything had disappeared, but with a Malwarebytes scan I found the presence of this virus called "Trojan Dropper BC-Miner". As usual (I've read other topics) the problem is that it keeps removing it, but it will eventually show up at the next start, slowing down the computer. I have not experienced what I read about ads playing in the background, nor does my pc seem to be slowed down. I just feel like my confidential information is being violated, so I need to remove this.
I read the section rules and completed a scan with the DOS program, from which I attach the reports (both DDS.txt and Attach.txt).
I would appreciate it if someone can help me, as it is driving me crazy just to identify which specific problem/virus my computer is experiencing/facing.
Thanks in advance!
[Win7] Trojan Dropper BC-Miner and various problems
in Resolved Malware Removal Logs
Thanks for your support! You've been very helpful and kind!