
PC slow and little freezes



Hi all, lately my PC is really slow at startup, plus while running it's not rare that I get some freezes, in particular using web browsers like Firefox. I'm running Windows 7 Ultimate and I have Microsoft Security Essentials as antivirus.

Here's my log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10.45.39, on 27/02/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Windows\SysWOW64\jusched.exe

C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\League of Legends\lol.launcher.exe

C:\Users\Bill\AppData\Local\Temp\Zvd.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://italian.ircfast.com/it/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll

O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [brMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN

O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"

O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [indexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"

O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"

O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"

O4 - HKLM\..\Run: [updateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [updatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"

O4 - HKLM\..\Run: [updatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Bill\AppData\Local\Temp\Zvd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')

O8 - Extra context menu item: &AOL Toolbar Cerca - C:\ProgramData\AOL\ieToolbar\resources\it-IT\local\search.html

O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - (no file)

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Servizio stato di ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Windows\SysWOW64\nvSCPAPISvr.exe

O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11243 bytes


Hello Mascella

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under the Custom scans and fixes section, paste in the below in bold


    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll


  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


OTL.txt content:

OTL logfile created on: 13/07/2010 14.51.33 - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Bill\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581,78 Gb Total Space | 200,67 Gb Free Space | 34,49% Space Free | Partition Type: NTFS

Drive D: | 14,39 Gb Total Space | 1,97 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 298,02 Gb Total Space | 38,79 Gb Free Space | 13,01% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC-BILL

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\stunnel\stunnel.exe ()

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll ()

SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (stunnel) -- C:\Program Files (x86)\stunnel\stunnel.exe ()

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)

SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys File not found

DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys File not found

DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programmi\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)

DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://italian.ircfast.com/it/index.php?rvs=hompag

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8095

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Hoepli"

FF - prefs.js..browser.startup.homepage: "www.google.it"

FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11

FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/10 20.36.23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/03/27 17.49.52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/30 18.25.26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/30 18.50.14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 13.43.57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/05 16.23.07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/30 18.25.27 | 000,000,000 | ---D | M]

[2009/11/10 20.45.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions

[2009/06/13 12.02.55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/05/23 21.43.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2010/07/13 11.11.05 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions

[2010/05/15 07.08.35 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/05/28 16.44.58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2009/11/10 20.45.13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/10 15.59.50 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}

[2010/05/16 21.24.40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010/06/28 13.43.57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/10 20.29.23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/11/10 20.29.23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/03 17.14.25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/04/02 09.01.14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/05/16 21.24.40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/28 13.43.55 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010/06/28 13.43.55 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17.21.08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll

[2008/09/04 02.11.24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll

[2010/04/12 17.29.19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/14 02.47.38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2010/06/28 13.43.56 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2009/09/25 08.02.40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGPPlugin.dll

[2010/06/19 21.34.11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2009/07/28 23.20.23 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010/01/16 12.16.29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/28 23.20.31 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll

[2009/07/28 23.20.17 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010/06/12 01.26.31 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010/06/12 01.26.31 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml

[2010/06/12 01.26.31 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010/06/12 01.26.31 | 000,000,825 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml

[2010/06/12 01.26.31 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml

[2010/06/12 01.26.31 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/06/20 23.43.22 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: copyright © 1993-1999 microsoft corp.

O1 - Hosts: this is a sample hosts file used by microsoft tcp/ip for windows.

O1 - Hosts: this file contains the mappings of ip addresses to host names. each

O1 - Hosts: entry should be kept on an individual line. the ip address should

O1 - Hosts: be placed in the first column followed by the corresponding host name.

O1 - Hosts: the ip address and the host name should be separated by at least one

O1 - Hosts: space.

O1 - Hosts: additionally

O1 - Hosts: comments (such as these) may be inserted on individual

O1 - Hosts: lines or following the machine name denoted by a "

O1 - Hosts: for example:

O1 - Hosts: 102.54.94.97 rhino.acme.com

O1 - Hosts: 38.25.63.10 x.acme.com

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: custom host downloaded from lineage2thegame.com

O1 - Hosts: 78.46.17.80 l2authd.lineage2.com

O1 - Hosts: 78.46.17.80 l2patcher.lineage2.com

O1 - Hosts: alternative gameguard server hosted here

O1 - Hosts: 78.46.17.80 nprotect.lineage2.com

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Programmi\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O9 - Extra Button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Value error. File not found

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{15b36c6e-fc2f-11de-92b2-00248c143306}\Shell - "" = AutoRun

O33 - MountPoints2\{15b36c6e-fc2f-11de-92b2-00248c143306}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/13 14.48.57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2010/07/13 11.35.05 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\LDW

[2010/07/13 11.34.47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life

[2010/07/09 13.00.08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirmwareUpdate

[2010/07/08 17.07.25 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysWow64\drivers\FlashUsb_x64.sys

[2010/07/08 17.07.25 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys

[2010/07/08 17.07.25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\infineon

[2010/07/08 17.06.41 | 000,000,000 | ---D | C] -- C:\KP500

[2010/07/08 16.57.55 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX

[2010/07/08 16.55.49 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\backup telefono antonella

[2010/07/07 10.33.26 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Singularity

[2010/07/07 07.42.08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2010/07/06 23.41.29 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Ovi

[2010/07/04 13.53.06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSX Games for Windows

[2010/07/03 16.39.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games

[2010/07/03 15.45.48 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\majesty2

[2010/07/03 15.41.59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Majesty 2

[2010/07/02 16.52.18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kwyshell

[2010/06/30 19.00.52 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Nokia musica

[2010/06/30 18.50.14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite

[2010/06/30 18.41.29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia

[2010/06/30 18.36.25 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\NokiaAccount

[2010/06/30 18.36.25 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Nokia

[2010/06/30 17.54.22 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache

[2010/06/28 09.08.16 | 000,000,000 | ---D | C] -- C:\ProgramData\Ice-Pick Lodge

[2010/06/28 09.04.51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Void

[2010/06/27 14.16.11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Entertainment

[2010/06/23 17.27.41 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\TmForever

[2010/06/23 17.27.41 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever

[2010/06/23 17.16.31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever

[2010/06/23 15.47.59 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll

[2010/06/23 15.47.56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2010/06/23 14.13.03 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/06/23 14.13.02 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/06/23 14.13.02 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/06/23 14.13.02 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/06/23 14.13.02 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/06/23 14.13.02 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/06/23 14.13.02 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/06/23 14.13.02 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/06/23 14.12.10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/06/23 14.12.09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/06/23 14.12.09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/06/23 14.12.08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/06/23 14.12.08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/06/23 14.12.08 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/06/23 14.12.08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/06/23 14.12.08 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/06/22 21.51.43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/06/22 18.55.57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTG

[2010/06/22 09.47.38 | 000,000,000 | ---D | C] -- C:\FU_Backup

[2010/06/22 09.47.38 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\CheeseSoft

[2010/06/22 09.47.24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller

[2010/06/21 15.57.45 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\THE SETTLERS - Rise of an Empire

[2010/06/21 15.29.05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2010/06/20 14.16.51 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys

[2010/06/20 14.05.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft

[2010/06/20 12.24.23 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\WinMount

[2010/06/20 12.24.00 | 000,063,968 | ---- | C] (WinMount International Inc) -- C:\Windows\SysWow64\drivers\WMDrive.sys

[2010/06/20 12.24.00 | 000,000,000 | ---D | C] -- C:\Programmi\WinMount

[2010/06/19 18.17.34 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 14.55.04 | 009,961,472 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT

[2010/07/13 14.49.05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2010/07/13 11.34.56 | 000,002,343 | ---- | M] () -- C:\Users\Bill\Desktop\Virtual Villagers 4 - The Tree of Life.lnk

[2010/07/13 09.21.18 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/13 09.21.18 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/13 09.13.23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/13 09.13.16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/13 09.13.07 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/12 23.38.13 | 009,962,537 | -H-- | M] () -- C:\Users\Bill\AppData\Local\IconCache.db

[2010/07/11 14.59.32 | 000,291,299 | ---- | M] () -- C:\Users\Bill\Desktop\lmc.zip

[2010/07/10 15.04.45 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010/07/10 15.04.45 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/07/09 16.56.20 | 001,638,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/07/09 16.56.20 | 000,732,986 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2010/07/09 16.56.20 | 000,645,396 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/07/09 16.56.20 | 000,144,864 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2010/07/09 16.56.20 | 000,119,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/07/08 17.13.44 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2010/07/08 17.13.25 | 000,000,821 | ---- | M] () -- C:\Users\Bill\Desktop\LGMobile update.lnk

[2010/07/07 10.28.05 | 000,002,273 | ---- | M] () -- C:\Users\Public\Desktop\Singularity.lnk

[2010/07/07 07.43.04 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[2010/07/05 16.23.08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/07/03 16.40.34 | 000,000,564 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2010/07/03 15.41.59 | 000,000,800 | ---- | M] () -- C:\Users\Bill\Desktop\Majesty 2.lnk

[2010/06/30 18.56.04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2010/06/30 18.50.15 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk

[2010/06/30 18.25.58 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk

[2010/06/30 11.04.38 | 000,001,013 | ---- | M] () -- C:\Users\Bill\Desktop\SpeedFan.lnk

[2010/06/30 11.04.37 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2010/06/29 09.42.25 | 000,007,609 | ---- | M] () -- C:\Users\Bill\AppData\Local\Resmon.ResmonCfg

[2010/06/29 01.42.48 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/06/28 10.07.56 | 000,000,110 | ---- | M] () -- C:\Windows\SysWow64\~.inf

[2010/06/28 09.08.22 | 000,001,185 | ---- | M] () -- C:\Users\Bill\Desktop\The Void.lnk

[2010/06/23 17.17.55 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk

[2010/06/23 15.48.04 | 000,000,989 | ---- | M] () -- C:\Users\Bill\Desktop\Cheat Engine.lnk

[2010/06/23 10.17.09 | 000,467,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/22 21.51.47 | 000,001,891 | ---- | M] () -- C:\Users\Bill\Desktop\CCleaner.lnk

[2010/06/22 18.57.11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Magic TG Launcher.lnk

[2010/06/22 18.55.18 | 000,127,936 | ---- | M] () -- C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/21 15.57.30 | 000,000,802 | ---- | M] () -- C:\Users\Bill\Desktop\THE SETTLERS - Rise of an Empire - collegamento.lnk

[2010/06/21 15.40.10 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2010/06/20 23.43.22 | 000,000,861 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/06/20 23.37.15 | 000,001,256 | ---- | M] () -- C:\Users\Bill\Desktop\Lineage II TheGame.lnk

[2010/06/20 12.24.00 | 000,063,968 | ---- | M] (WinMount International Inc) -- C:\Windows\SysWow64\drivers\WMDrive.sys

[2010/06/19 18.18.07 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/06/19 18.18.07 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/06/15 15.36.25 | 000,001,312 | ---- | M] () -- C:\Users\Public\Desktop\Serious Sam HD The First Encounter.lnk

[2010/06/15 13.20.44 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/13 11.34.55 | 000,002,343 | ---- | C] () -- C:\Users\Bill\Desktop\Virtual Villagers 4 - The Tree of Life.lnk

[2010/07/11 14.37.25 | 000,291,299 | ---- | C] () -- C:\Users\Bill\Desktop\lmc.zip

[2010/07/08 16.58.14 | 000,000,821 | ---- | C] () -- C:\Users\Bill\Desktop\LGMobile update.lnk

[2010/07/08 16.58.10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll

[2010/07/08 16.58.10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2010/07/07 10.28.05 | 000,002,273 | ---- | C] () -- C:\Users\Public\Desktop\Singularity.lnk

[2010/07/07 07.43.04 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[2010/07/03 15.41.59 | 000,000,800 | ---- | C] () -- C:\Users\Bill\Desktop\Majesty 2.lnk

[2010/06/30 18.56.04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2010/06/30 18.50.15 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk

[2010/06/30 18.25.58 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk

[2010/06/30 11.04.38 | 000,001,013 | ---- | C] () -- C:\Users\Bill\Desktop\SpeedFan.lnk

[2010/06/28 09.08.22 | 000,001,185 | ---- | C] () -- C:\Users\Bill\Desktop\The Void.lnk

[2010/06/23 17.17.55 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk

[2010/06/23 15.48.04 | 000,000,989 | ---- | C] () -- C:\Users\Bill\Desktop\Cheat Engine.lnk

[2010/06/23 15.47.59 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010/06/22 21.51.47 | 000,001,891 | ---- | C] () -- C:\Users\Bill\Desktop\CCleaner.lnk

[2010/06/22 18.57.11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Magic TG Launcher.lnk

[2010/06/21 15.57.30 | 000,000,802 | ---- | C] () -- C:\Users\Bill\Desktop\THE SETTLERS - Rise of an Empire - collegamento.lnk

[2010/06/20 23.37.15 | 000,001,256 | ---- | C] () -- C:\Users\Bill\Desktop\Lineage II TheGame.lnk

[2010/06/20 14.16.51 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd

[2010/06/15 15.36.25 | 000,001,312 | ---- | C] () -- C:\Users\Public\Desktop\Serious Sam HD The First Encounter.lnk

[2010/05/17 11.27.35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll

[2010/05/17 11.27.35 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2010/02/21 18.50.40 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2009/11/10 20.17.34 | 001,577,134 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/11/10 20.16.11 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2009/11/10 20.16.11 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2009/11/06 11.58.04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/09/03 11.09.18 | 000,000,125 | ---- | C] () -- C:\Windows\topocr.INI

[2009/08/27 10.19.38 | 000,000,564 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2009/07/21 23.12.34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2009/07/21 09.59.40 | 000,031,652 | ---- | C] () -- C:\Windows\maxlink.ini

[2009/07/14 01.42.10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23.03.59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/12 00.28.32 | 000,041,808 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2009/05/12 19.36.08 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2009/05/09 18.16.35 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini

[2009/01/26 11.45.59 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll

[2009/01/26 11.45.59 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

[2008/10/07 09.13.22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/04/15 04.20.46 | 000,237,568 | ---- | C] () -- C:\Windows\glut32.dll

[2005/09/01 16.20.46 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\vspxcore.dll

[1997/11/10 15.18.48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== LOP Check ==========

[2009/06/28 11.38.30 | 000,000,000 | -HSD | M] -- C:\Users\Bill\AppData\Roaming\.#

[2010/01/21 15.40.11 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\AnvSoft

[2010/02/17 22.48.26 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Atari

[2009/11/10 20.44.58 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Azureus

[2009/11/10 20.44.58 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Bioshock

[2010/03/05 18.54.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Bioshock2

[2010/07/13 14.48.34 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\BitTorrent

[2009/11/10 20.44.59 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Braid

[2010/03/22 22.19.05 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\BSplayer

[2010/03/22 22.09.43 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\BSplayer Pro

[2010/04/26 06.19.55 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Camfrog

[2010/02/21 18.50.51 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Canneverbe Limited

[2009/11/10 20.44.59 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Canneverbe_Limited

[2010/06/22 09.47.38 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\CheeseSoft

[2009/11/10 20.44.59 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\DAEMON Tools Lite

[2009/12/07 07.42.48 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\DNA

[2010/03/13 18.15.03 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\DreamDale

[2010/03/27 17.50.02 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Free Mp3 Wma Ogg Converter

[2009/12/13 12.08.20 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GameRanger

[2010/05/07 09.58.02 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GamesCafe

[2010/05/28 16.50.40 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GARMIN

[2009/11/10 20.44.59 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\GetRightToGo

[2010/02/01 12.31.22 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\gnupg

[2009/12/07 07.40.42 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\IObit

[2009/11/10 20.45.00 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\LG Electronics

[2010/07/09 12.41.43 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\LimeWire

[2010/02/10 22.26.28 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Live-Prod

[2010/05/17 11.39.36 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\LockHunter

[2010/05/12 19.12.59 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\LolClient

[2009/11/23 20.19.45 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1

[2009/11/10 20.45.03 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\M05

[2010/03/13 18.10.02 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\MagicBall4

[2010/02/02 13.22.33 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Mount&Blade

[2010/04/25 14.07.15 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Mount&Blade Warband

[2010/06/30 18.36.30 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Nokia

[2009/11/10 20.45.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\OpenOffice.org

[2010/06/30 17.41.11 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\PC Suite

[2010/04/24 08.46.18 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\PopCapv1002

[2010/04/23 13.09.36 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\PopCapv1005eni

[2010/05/17 11.35.37 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\proDAD

[2009/11/10 20.45.14 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Red Alert 3

[2009/12/13 12.01.51 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\runic games

[2009/11/10 20.45.14 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Screaming Bee

[2009/11/10 20.45.14 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Sierra

[2010/02/11 14.32.10 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\TeamViewer

[2009/05/20 16.39.44 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Template

[2009/11/10 20.45.15 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\The Creative Assembly

[2009/12/18 11.57.00 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Tropico 3

[2010/02/26 15.19.01 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\TS3Client

[2010/03/14 10.55.18 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Ubisoft

[2009/12/28 12.35.29 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\uTorrent

[2009/11/10 20.45.16 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\WinBatch

[2010/06/20 12.25.23 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\WinMount

[2009/11/10 20.45.16 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\Wippien

[2009/11/10 20.45.16 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\XRay Engine

[2010/06/15 13.20.44 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\PCDRScheduledMaintenance.job

[2010/06/02 22.18.40 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/05/17 11.22.44 | 000,899,696 | ---- | M] () -- C:\adorage-protocol.txt

[2009/06/11 18.57.14 | 000,065,536 | ---- | M] () -- C:\Bmix.dat

[2009/07/14 03.38.58 | 000,383,562 | RHS- | M] () -- C:\bootmgr

[2009/11/10 20.11.07 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK

[2009/06/11 18.57.14 | 000,065,536 | ---- | M] () -- C:\Breflect.dat

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt

[2007/11/07 08.00.40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt

[2007/11/07 08.00.40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt

[2007/11/07 08.00.40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt

[2009/08/20 22.30.57 | 000,000,000 | ---- | M] () -- C:\fftoutput.txt

[2010/04/03 18.28.13 | 000,000,375 | ---- | M] () -- C:\FINIS_IT.TXT

[2007/11/07 08.00.40 | 000,001,110 | ---- | M] () -- C:\globdata.ini

[2009/11/10 22.10.28 | 000,203,316 | RHS- | M] () -- C:\grldr

[2010/07/13 09.13.07 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/08 21.24.03 | 000,001,164 | ---- | M] () -- C:\ijjiFFPlugin.log

[2007/11/07 08.03.18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2007/11/07 08.00.40 | 000,000,843 | ---- | M] () -- C:\install.ini

[2007/11/07 08.03.18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll

[2007/11/07 08.03.18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll

[2007/11/07 08.03.18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll

[2007/11/07 08.03.18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll

[2007/11/07 08.03.18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll

[2007/11/07 08.03.18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll

[2007/11/07 08.03.18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll

[2007/11/07 08.03.18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll

[2007/11/07 08.03.18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll

[2006/12/01 23.37.14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll

[2010/07/13 09.13.13 | 4294,156,288 | -HS- | M] () -- C:\pagefile.sys

[2007/11/07 08.00.40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp

[2007/11/07 08.09.22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab

[2007/11/07 08.12.28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

[2009/11/10 22.10.42 | 000,000,003 | RHS- | M] () -- C:\win7ldr

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03.16.13 | 000,163,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\scrrun.dll

[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

[2010/04/29 15.39.38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys

[2010/06/20 12.24.00 | 000,063,968 | ---- | M] (WinMount International Inc) -- C:\Windows\SysWOW64\drivers\WMDrive.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:364682BC

< End of report >


Extras.txt content:

OTL Extras logfile created on: 13/07/2010 14.51.33 - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Bill\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581,78 Gb Total Space | 200,67 Gb Free Space | 34,49% Space Free | Partition Type: NTFS

Drive D: | 14,39 Gb Total Space | 1,97 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 298,02 Gb Total Space | 38,79 Gb Free Space | 13,01% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC-BILL

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\BitTorrent\bittorrent.exe" = C:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

"C:\BitTorrent\bittorrent.exe" = C:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)

"C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)

"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/06/28 11.38.30 | 000,000,000 | -HSD | M] -- C:\Users\Bill\AppData\Roaming\.#


    :Commands
    [emptytemp]
    [resethosts]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

* Go here to run an online scanner from ESET.

  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the next options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic


OST procedure:

All processes killed

========== OTL ==========

C:\Users\Bill\AppData\Roaming\.# folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Bill

->Temp folder emptied: 106936217 bytes

->Temporary Internet Files folder emptied: 52350574 bytes

->Java cache emptied: 79197726 bytes

->FireFox cache emptied: 36198916 bytes

->Flash cache emptied: 2784 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41620 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 978944 bytes

%systemroot%\System32 .tmp files removed: 848291 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1212599 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50455 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 265,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.9.0 log created on 07132010_184253

Files\Folders moved on Reboot...

C:\Users\Bill\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File\Folder C:\Users\Bill\AppData\Local\Temp\~DF0850FC6EF3C0224C.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Temp\~DF0F6C5186DF910936.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Temp\~DF102D1DA97041D7DE.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Temp\~DF2EB8D6BD80829885.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Temp\~DF8BF68A5BB0F952C5.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Temp\~DFBE98FB67D069F7FF.TMP not found!

File\Folder C:\Users\Bill\AppData\Local\Mozilla\Firefox\Profiles\k5oyo7oh.default\Cache\_CACHE_001_ not found!

File\Folder C:\Users\Bill\AppData\Local\Mozilla\Firefox\Profiles\k5oyo7oh.default\Cache\_CACHE_002_ not found!

Registry entries deleted on Reboot...


MBAM log (it's not in English, but it didn't find anything):

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Versione database: 4298

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

14/07/2010 0.51.10

mbam-log-2010-07-14 (00-51-10).txt

Tipo di scansione: Scansione completa (C:\|D:\|F:\|)

Elementi esaminati: 476491

Tempo trascorso: 1 ore, 56 minuti, 40 secondi

Processi infetti in memoria: 0

Moduli di memoria infetti: 0

Chiavi di registro infette: 0

Valori di registro infetti: 0

Voci infette nei dati di registro: 0

Cartelle infette: 0

File infetti: 0

Processi infetti in memoria:

(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:

(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:

(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:

(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:

(Non sono stati rilevati elementi nocivi)

Cartelle infette:

(Non sono stati rilevati elementi nocivi)

File infetti:

(Non sono stati rilevati elementi nocivi)

The ESET scan did find 5 threats the first time I ran it and closed it by mistake at 99%, and 1 the second time, but it didn't save any log file (I have now uninstalled it).


OK, how are things running?

  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


Things are still running kinda slow (but faster than before)... At this point I'm starting to think about overheating or too many GB of things on my hard disk... The strange thing is that things changed suddenly...

OTL Log:

OTL logfile created on: 15/07/2010 10.06.53 - Run 2

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Bill\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581,78 Gb Total Space | 197,25 Gb Free Space | 33,90% Space Free | Partition Type: NTFS

Drive D: | 14,39 Gb Total Space | 1,97 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 298,02 Gb Total Space | 39,16 Gb Free Space | 13,14% Space Free | Partition Type: FAT32

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: PC-BILL

Current User Name: Bill

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\stunnel\stunnel.exe ()

PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()

PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)

PRC - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found

SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)

SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)

SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (Akamai) -- c:\program files (x86)\common files\akamai\rswin_3725.dll ()

SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)

SRV - (stunnel) -- C:\Program Files (x86)\stunnel\stunnel.exe ()

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)

SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()

SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)

SRV - (NMSAccessU) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()

SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys File not found

DRV:64bit: - (upperdev) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys File not found

DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()

DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)

DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)

DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)

DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)

DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)

DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (FlashUSB) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys (Danish Wireless Design A/S)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )

DRV:64bit: - (mcdbus) -- C:\Windows\SysNative\drivers\mcdbus.sys (MagicISO, Inc.)

DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)

DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)

DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)

DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)

DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\drivers\Rtlh64.sys (Realtek Corporation )

DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)

DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()

DRV - (FlashUSB) -- C:\Windows\SysWOW64\drivers\FlashUsb_x64.sys (Danish Wireless Design A/S)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

DRV - (PCD5SRVC{8AAF211B-043E02A9-05040000}) -- C:\Programmi\PC-Doctor for Windows\pcd5srvc_x64.pkms (PC-Doctor, Inc.)

DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows ® Server 2003 DDK provider)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://italian.ircfast.com/it/index.php?rvs=hompag

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:8095

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Hoepli"

FF - prefs.js..browser.startup.homepage: "www.google.it"

FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11

FF - prefs.js..extensions.enabledItems: {2832ABCD-4444-1012-2D45-132D5447C445}:1.0.0

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22

FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732

FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/10 20.36.23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\support@predictad.com: C:\Program Files (x86)\AutocompletePro\support@predictad.com [2010/03/27 17.49.52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/06/30 18.25.26 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/06/30 18.50.14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/28 13.43.57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/07/05 16.23.07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/06/30 18.25.27 | 000,000,000 | ---D | M]

[2009/11/10 20.45.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions

[2009/06/13 12.02.55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2009/05/23 21.43.13 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org

[2010/07/14 14.12.09 | 000,000,000 | ---D | M] -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions

[2010/05/15 07.08.35 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

[2010/05/28 16.44.58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}

[2009/11/10 20.45.13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/05/10 15.59.50 | 000,000,000 | ---D | M] (Beemp3 Search ToolBar) -- C:\Users\Bill\AppData\Roaming\mozilla\Firefox\Profiles\k5oyo7oh.default\extensions\{2832ABCD-4444-1012-2D45-132D5447C445}

[2010/05/16 21.24.40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010/06/28 13.43.57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2009/11/10 20.29.23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

[2009/11/10 20.29.23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009/12/03 17.14.25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

[2010/04/02 09.01.14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

[2010/05/16 21.24.40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/06/28 13.43.55 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll

[2010/06/28 13.43.55 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll

[2007/04/10 17.21.08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll

[2008/09/04 02.11.24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npbittorrent.dll

[2010/04/12 17.29.19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2009/11/14 02.47.38 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npDivxPlayerPlugin.dll

[2010/06/28 13.43.56 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll

[2009/09/25 08.02.40 | 000,098,304 | ---- | M] (OGPlanet Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npOGPPlugin.dll

[2010/06/19 21.34.11 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

[2009/07/28 23.20.23 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll

[2010/01/16 12.16.28 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll

[2010/01/16 12.16.29 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll

[2009/07/28 23.20.31 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprjplug.dll

[2009/07/28 23.20.17 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpjplug.dll

[2010/06/12 01.26.31 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml

[2010/06/12 01.26.31 | 000,000,744 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-it.xml

[2010/06/12 01.26.31 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml

[2010/06/12 01.26.31 | 000,000,825 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\hoepli.xml

[2010/06/12 01.26.31 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-it.xml

[2010/06/12 01.26.31 | 000,000,953 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/07/13 18.43.48 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (SimplyGen)

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [smartMenu] C:\Programmi\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [indexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE (Microsoft)

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O9 - Extra Button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - Reg Error: Value error. File not found

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg

O24 - Desktop BackupWallPaper: C:\Users\Bill\AppData\Roaming\Microsoft\Windows Photo Gallery\Sfondo della Raccolta foto Windows.jpg

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)

O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)

O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{15b36c6e-fc2f-11de-92b2-00248c143306}\Shell - "" = AutoRun

O33 - MountPoints2\{15b36c6e-fc2f-11de-92b2-00248c143306}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O33 - MountPoints2\K\Shell - "" = AutoRun

O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/15 10.06.21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2010/07/14 10.21.45 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2010/07/13 18.42.53 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/07/13 11.35.05 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\LDW

[2010/07/13 11.34.47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Virtual Villagers 4 - The Tree of Life

[2010/07/09 13.00.08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FirmwareUpdate

[2010/07/08 17.07.25 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysWow64\drivers\FlashUsb_x64.sys

[2010/07/08 17.07.25 | 000,020,480 | ---- | C] (Danish Wireless Design A/S) -- C:\Windows\SysNative\drivers\FlashUSB_x64.sys

[2010/07/08 17.07.25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\infineon

[2010/07/08 17.06.41 | 000,000,000 | ---D | C] -- C:\KP500

[2010/07/08 16.57.55 | 000,000,000 | ---D | C] -- C:\ProgramData\LGMOBILEAX

[2010/07/08 16.55.49 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\backup telefono antonella

[2010/07/07 10.33.26 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Singularity

[2010/07/07 07.42.08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution

[2010/07/06 23.41.29 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Ovi

[2010/07/04 13.53.06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PSX Games for Windows

[2010/07/03 16.39.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games

[2010/07/03 15.45.48 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\majesty2

[2010/07/03 15.41.59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Majesty 2

[2010/07/02 16.52.18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kwyshell

[2010/06/30 19.00.52 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\Nokia musica

[2010/06/30 18.50.14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PCSuite

[2010/06/30 18.41.29 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia

[2010/06/30 18.36.25 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\NokiaAccount

[2010/06/30 18.36.25 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Local\Nokia

[2010/06/30 17.54.22 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache

[2010/06/28 09.08.16 | 000,000,000 | ---D | C] -- C:\ProgramData\Ice-Pick Lodge

[2010/06/28 09.04.51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Void

[2010/06/27 14.16.11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Paradox Entertainment

[2010/06/23 17.27.41 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\TmForever

[2010/06/23 17.27.41 | 000,000,000 | ---D | C] -- C:\ProgramData\TmForever

[2010/06/23 17.16.31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TmNationsForever

[2010/06/23 15.47.59 | 000,679,936 | ---- | C] (Generated by JEDI) -- C:\Windows\SysWow64\D3DX81ab.dll

[2010/06/23 15.47.56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cheat Engine

[2010/06/23 14.13.03 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2010/06/23 14.13.02 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2010/06/23 14.13.02 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2010/06/23 14.13.02 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2010/06/23 14.13.02 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2010/06/23 14.13.02 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2010/06/23 14.13.02 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2010/06/23 14.13.02 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2010/06/23 14.12.10 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2010/06/23 14.12.09 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2010/06/23 14.12.09 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2010/06/23 14.12.08 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2010/06/23 14.12.08 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2010/06/23 14.12.08 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2010/06/23 14.12.08 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2010/06/23 14.12.08 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2010/06/22 21.51.43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/06/22 18.55.57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicTG

[2010/06/22 09.47.38 | 000,000,000 | ---D | C] -- C:\FU_Backup

[2010/06/22 09.47.38 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\CheeseSoft

[2010/06/22 09.47.24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalUninstaller

[2010/06/21 15.57.45 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\THE SETTLERS - Rise of an Empire

[2010/06/21 15.29.05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2010/06/20 14.16.51 | 000,004,682 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\npptNT2.sys

[2010/06/20 14.05.32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCsoft

[2010/06/20 12.24.23 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\WinMount

[2010/06/20 12.24.00 | 000,063,968 | ---- | C] (WinMount International Inc) -- C:\Windows\SysWow64\drivers\WMDrive.sys

[2010/06/20 12.24.00 | 000,000,000 | ---D | C] -- C:\Programmi\WinMount

[2010/06/19 18.17.34 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~BT

========== Files - Modified Within 30 Days ==========

[2010/07/15 10.10.26 | 009,961,472 | -HS- | M] () -- C:\Users\Bill\NTUSER.DAT

[2010/07/15 10.06.28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe

[2010/07/14 10.56.04 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/07/14 10.56.04 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/07/14 10.45.30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/07/14 10.45.19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/07/14 10.45.04 | 3220,615,168 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/14 10.43.41 | 009,963,395 | -H-- | M] () -- C:\Users\Bill\AppData\Local\IconCache.db

[2010/07/13 22.07.47 | 000,002,003 | ---- | M] () -- C:\Users\Bill\Desktop\useragentswitcher.xml

[2010/07/13 20.43.29 | 000,511,459 | ---- | M] () -- C:\Users\Bill\Desktop\ovistore.jpg

[2010/07/13 18.43.48 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2010/07/13 11.34.56 | 000,002,343 | ---- | M] () -- C:\Users\Bill\Desktop\Virtual Villagers 4 - The Tree of Life.lnk

[2010/07/11 14.59.32 | 000,291,299 | ---- | M] () -- C:\Users\Bill\Desktop\lmc.zip

[2010/07/10 15.04.45 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2010/07/10 15.04.45 | 000,214,720 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010/07/09 16.56.20 | 001,638,102 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/07/09 16.56.20 | 000,732,986 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat

[2010/07/09 16.56.20 | 000,645,396 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/07/09 16.56.20 | 000,144,864 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat

[2010/07/09 16.56.20 | 000,119,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/07/08 17.13.44 | 000,002,413 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2010/07/08 17.13.25 | 000,000,821 | ---- | M] () -- C:\Users\Bill\Desktop\LGMobile update.lnk

[2010/07/07 10.28.05 | 000,002,273 | ---- | M] () -- C:\Users\Public\Desktop\Singularity.lnk

[2010/07/07 07.43.04 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[2010/07/05 16.23.08 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/07/03 16.40.34 | 000,000,564 | ---- | M] () -- C:\Windows\WORDPAD.INI

[2010/07/03 15.41.59 | 000,000,800 | ---- | M] () -- C:\Users\Bill\Desktop\Majesty 2.lnk

[2010/06/30 18.56.04 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2010/06/30 18.50.15 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk

[2010/06/30 18.25.58 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk

[2010/06/30 11.04.38 | 000,001,013 | ---- | M] () -- C:\Users\Bill\Desktop\SpeedFan.lnk

[2010/06/30 11.04.37 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo

[2010/06/29 09.42.25 | 000,007,609 | ---- | M] () -- C:\Users\Bill\AppData\Local\Resmon.ResmonCfg

[2010/06/29 01.42.48 | 000,001,041 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/06/28 10.07.56 | 000,000,110 | ---- | M] () -- C:\Windows\SysWow64\~.inf

[2010/06/28 09.08.22 | 000,001,185 | ---- | M] () -- C:\Users\Bill\Desktop\The Void.lnk

[2010/06/23 17.17.55 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\TmNationsForever.lnk

[2010/06/23 15.48.04 | 000,000,989 | ---- | M] () -- C:\Users\Bill\Desktop\Cheat Engine.lnk

[2010/06/23 10.17.09 | 000,467,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/06/22 21.51.47 | 000,001,891 | ---- | M] () -- C:\Users\Bill\Desktop\CCleaner.lnk

[2010/06/22 18.57.11 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Magic TG Launcher.lnk

[2010/06/22 18.55.18 | 000,127,936 | ---- | M] () -- C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/06/21 15.57.30 | 000,000,802 | ---- | M] () -- C:\Users\Bill\Desktop\THE SETTLERS - Rise of an Empire - collegamento.lnk

[2010/06/21 15.40.10 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys

[2010/06/20 23.37.15 | 000,001,256 | ---- | M] () -- C:\Users\Bill\Desktop\Lineage II TheGame.lnk

[2010/06/20 12.24.00 | 000,063,968 | ---- | M] (WinMount International Inc) -- C:\Windows\SysWow64\drivers\WMDrive.sys

[2010/06/19 18.18.07 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml

[2010/06/19 18.18.07 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml

[2010/06/15 15.36.25 | 000,001,312 | ---- | M] () -- C:\Users\Public\Desktop\Serious Sam HD The First Encounter.lnk

[2010/06/15 13.20.44 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2010/07/13 22.07.46 | 000,002,003 | ---- | C] () -- C:\Users\Bill\Desktop\useragentswitcher.xml

[2010/07/13 20.43.28 | 000,511,459 | ---- | C] () -- C:\Users\Bill\Desktop\ovistore.jpg

[2010/07/13 11.34.55 | 000,002,343 | ---- | C] () -- C:\Users\Bill\Desktop\Virtual Villagers 4 - The Tree of Life.lnk

[2010/07/11 14.37.25 | 000,291,299 | ---- | C] () -- C:\Users\Bill\Desktop\lmc.zip

[2010/07/08 16.58.14 | 000,000,821 | ---- | C] () -- C:\Users\Bill\Desktop\LGMobile update.lnk

[2010/07/08 16.58.10 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll

[2010/07/08 16.58.10 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini

[2010/07/07 10.28.05 | 000,002,273 | ---- | C] () -- C:\Users\Public\Desktop\Singularity.lnk

[2010/07/07 07.43.04 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk

[2010/07/03 15.41.59 | 000,000,800 | ---- | C] () -- C:\Users\Bill\Desktop\Majesty 2.lnk

[2010/06/30 18.56.04 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf

[2010/06/30 18.50.15 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk

[2010/06/30 18.25.58 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk

[2010/06/30 11.04.38 | 000,001,013 | ---- | C] () -- C:\Users\Bill\Desktop\SpeedFan.lnk

[2010/06/28 09.08.22 | 000,001,185 | ---- | C] () -- C:\Users\Bill\Desktop\The Void.lnk

[2010/06/23 17.17.55 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\TmNationsForever.lnk

[2010/06/23 15.48.04 | 000,000,989 | ---- | C] () -- C:\Users\Bill\Desktop\Cheat Engine.lnk

[2010/06/23 15.47.59 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll

[2010/06/22 21.51.47 | 000,001,891 | ---- | C] () -- C:\Users\Bill\Desktop\CCleaner.lnk

[2010/06/22 18.57.11 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Magic TG Launcher.lnk

[2010/06/21 15.57.30 | 000,000,802 | ---- | C] () -- C:\Users\Bill\Desktop\THE SETTLERS - Rise of an Empire - collegamento.lnk

[2010/06/20 23.37.15 | 000,001,256 | ---- | C] () -- C:\Users\Bill\Desktop\Lineage II TheGame.lnk

[2010/06/20 14.16.51 | 000,005,174 | ---- | C] () -- C:\Windows\SysWow64\nppt9x.vxd

[2010/06/15 15.36.25 | 000,001,312 | ---- | C] () -- C:\Users\Public\Desktop\Serious Sam HD The First Encounter.lnk

[2010/05/17 11.27.35 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll

[2010/05/17 11.27.35 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.2Pin.ini

[2010/02/21 18.50.40 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys

[2009/11/10 20.17.34 | 001,577,134 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/11/10 20.16.11 | 000,000,413 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2009/11/10 20.16.11 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2009/11/06 11.58.04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2009/09/03 11.09.18 | 000,000,125 | ---- | C] () -- C:\Windows\topocr.INI

[2009/08/27 10.19.38 | 000,000,564 | ---- | C] () -- C:\Windows\WORDPAD.INI

[2009/07/21 23.12.34 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\BrMuSNMP.dll

[2009/07/21 09.59.40 | 000,031,652 | ---- | C] () -- C:\Windows\maxlink.ini

[2009/07/14 01.42.10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 23.03.59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/06/12 00.28.32 | 000,041,808 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll

[2009/05/12 19.36.08 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini

[2009/05/09 18.16.35 | 000,000,012 | ---- | C] () -- C:\Windows\dirsaver.ini

[2009/01/26 11.45.59 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\pythoncom25.dll

[2009/01/26 11.45.59 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\pywintypes25.dll

[2008/10/07 09.13.22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008/10/07 09.13.20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008/04/15 04.20.46 | 000,237,568 | ---- | C] () -- C:\Windows\glut32.dll

[2005/09/01 16.20.46 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\vspxcore.dll

[1997/11/10 15.18.48 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:364682BC

< End of report >


Ok that makes sense.

Games do require a lot of cpu.

Does it happen any other times other than that?

Not really normal, seeing my PC's potential and the game requirements (it just works like a charm and sometimes starts to slow down, with the PC working a lot, seeing the light on the power button), but it also happens in Firefox, above all (this is just a guess) when Adobe Flash Player is working (Firefox just blocks for some seconds).


Well it is fairly normal to get some lag when you play a game.

Either way it is not malware related.

If it is a continual problem and you wish to try to deal with it further you can start a thread in this forum:

http://forums.malwarebytes.org/index.php?showforum=6

They will help you further.

======Cleanup======

  • Double click on OTL to run it.
  • Click on the Cleanup button at the top.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  • This will remove itself and other tools we may have used.

======Update Java======

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:

  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop. Make sure it is the X64 version or it will not work correctly.
  • Scroll down to where it says "(JRE)", then click on it.
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Uninstall a Program and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.

======================Clear out infected System Restore points======================

Then we need to reset your System Restore points.

The link below shows how to do this.

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/kb/310405/en-us

If you are using Vista or Windows 7 then see this link: http://www.bleepingcomputer.com/tutorials/...143.html#manual

Delete\uninstall anything else that we have used that is leftover.

=====================================

After that you're all set.

The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.

File sharing program dangers - Reasons to stay away from file sharing programs, for ex: BitTorrent, Limewire, Kazaa, emule, Utorrent, Limewire, etc.


  • 2 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.