
Roaming/Ctfmon.exe


  • This topic is locked
14 replies to this topic

#1 Burbč (New Member, Authentic Member, 9 posts)

Posted 26 August 2011 - 10:02 AM

Hello,
I did a complete scan with Kaspersky, which found and deleted a trojan;
afterwards I deep scanned with Nod32 and Fsecure and Trendmicro Housecall,
no threats found by any of them,
but
Malwarebytes points out another trojan named "ctfmon.exe", located in the Appdata/Roaming folder,
with the same name as the Microsoft Office process "ctfmon.exe".

I would be pleased if you might examine the log files attached (Malwarebytes + hijackthis + Bitdefender)
and tell me how to proceed.

thank you guys
t


I went to VirusTotal, it says: http://www.virustota...6671-1314368853



#2 ken545 (Forum God, Retired Classroom Teacher, MVP, 23,225 posts; Interests: Fighting Malware and cooking some great Italian and TexMex food)

Posted 29 August 2011 - 08:04 AM

Welcome!

Please just copy and paste any logs we ask for into this thread in lieu of attaching them.

Open Malwarebytes, check for updates and run the Quick scan. Make sure you remove what it finds; you had your scan set to TAKE NO ACTION, so that may not have removed the threat.


Then run these programs and let's see what's going on.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.


Download DDS from one of the links below to your desktop

Link 1
Link 2

  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
  • Copy/Paste the contents of 'DDS.txt' into your post.
  • 'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)


 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

Find us on Facebook
Please LIKE and SHARE

Just a reminder that threads will be closed if no reply in 3 days.

#3 Burbč

Posted 29 August 2011 - 08:15 AM

Hello, I am pleased to be assisted; after I downloaded dds.scr, I can't run it because Autodesk AutoCAD 2011 reads it as a drawing script, so it doesn't work. Should I run it from the command bar, or how?

#4 ken545

Posted 29 August 2011 - 08:40 AM

Run aswMBR and let's go from there.

 
 

#5 Burbč

Posted 29 August 2011 - 09:00 AM

Here we go (it took a while):

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-08-29 16:15:24
-----------------------------
16:15:24.800 OS Version: Windows x64 6.1.7601 Service Pack 1
16:15:24.800 Number of processors: 8 586 0x2A07
16:15:24.801 ComputerName: QUADERNO UserName: Folio
16:15:25.360 Initialize success
16:47:03.472 AVAST engine defs: 11082900
16:48:48.517 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:48:48.520 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
16:48:48.538 Disk 0 MBR read successfully
16:48:48.541 Disk 0 MBR scan
16:48:48.549 Disk 0 Windows 7 default MBR code
16:48:48.553 Service scanning
16:48:55.316 Modules scanning
16:48:55.316 Disk 0 trace - called modules:
16:48:55.332 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
16:48:55.332 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005303790]
16:48:55.332 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80050e0050]
16:48:56.128 AVAST engine scan C:\Windows
16:48:57.688 AVAST engine scan C:\Windows\system32
16:50:33.004 AVAST engine scan C:\Windows\system32\drivers
16:50:45.359 AVAST engine scan C:\Users\Folio
16:53:43.995 AVAST engine scan C:\ProgramData
16:54:55.989 Scan finished successfully
16:55:13.555 Disk 0 MBR has been saved successfully to "C:\Users\Folio\Desktop\MBR.dat"
16:55:13.555 The log file has been saved successfully to "C:\Users\Folio\Desktop\aswMBR.txt"

Do you need MBR.dat?
I updated mbam and it removed the threats with "no action taken", but then I forgot to ask for a log file, so I scanned again:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7605

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

29/08/2011 16:30:20
mbam-log-2011-08-29 (16-30-20).txt

Scan type: Quick scan
Objects scanned: 185135
Time elapsed: 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Burbč

Posted 29 August 2011 - 09:02 AM

May I now close aswMBR?

#7 ken545

Posted 29 August 2011 - 09:59 AM

Yes, you can close aswMBR. No, I don't need MBR.dat, you can delete it. Open Malwarebytes and go to the log tab and copy and paste the log with the removed threats so I can see what was removed.


Then run this program


OTL by OldTimer
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


 
 

#8 Burbč

Posted 29 August 2011 - 10:15 AM

In mbam, the option "save a log file automatically" was unflagged, so it didn't save a log file in that folder. I went into the quarantine, which shows 3 items out of the 4 pointed out by mbam (screenshot attached). The first mbam log, the one I attached instead of copy-pasting it, shows the 3 threats found (which I deleted in the second scan); the last scan found and removed svchast.exe, in total 4 issues.

Attached thumbnail: mbam.jpg


#9 Burbč

Posted 29 August 2011 - 10:34 AM

OTL.txt

OTL logfile created on: 29/08/2011 18:19:36 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Folio\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,96% Memory free
7,85 Gb Paging File | 6,43 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,00 Gb Total Space | 64,08 Gb Free Space | 53,40% Space Free | Partition Type: NTFS

Computer Name: QUADERNO | User Name: Folio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Folio\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\ESET Smart Security\x86\ekrn.exe (ESET)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\5331d3f795e5cbe9031a422fdd75e22b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\015cf943509e633ae07b84cf40969fbc\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_it_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (B-Service) -- C:\Users\Folio\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (ePowerSvc) -- C:\Programmi\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation)
SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. )
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Updater Service) -- C:\Programmi\Acer\Acer Updater\UpdaterService.exe (Acer Group)
SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv) -- C:\Program Files (x86)\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files (x86)\ESET Smart Security\x86\ekrn.exe (ESET)


========== Driver Services (SafeList) ==========

DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (b57xdmp) -- C:\Windows\SysNative\drivers\b57xdmp.sys (Broadcom Corporation)
DRV:64bit: - (b57xdbd) -- C:\Windows\SysNative\drivers\b57xdbd.sys (Broadcom Corporation)
DRV:64bit: - (bScsiMSa) -- C:\Windows\SysNative\drivers\bScsiMSa.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (bScsiSDa) -- C:\Windows\SysNative\drivers\bScsiSDa.sys (Broadcom Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Audio schermo Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel® Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (epfwwfp) -- C:\Windows\SysNative\drivers\epfwwfp.sys (ESET)
DRV:64bit: - (Epfwndis) -- C:\Windows\SysNative\drivers\epfwndis.sys (ESET)
DRV:64bit: - (epfw) -- C:\Windows\SysNative\drivers\epfw.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV - (SbieDrv) -- C:\Programmi\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.update: false

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/08/26 14:14:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/13 17:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/08/26 14:14:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/05/13 17:08:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files (x86)\ESET Smart Security\Mozilla Thunderbird [2011/07/12 17:53:19 | 000,000,000 | ---D | M]

[2011/05/11 14:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folio\AppData\Roaming\mozilla\Extensions
[2011/05/11 14:09:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folio\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/08/23 20:03:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions
[2011/08/23 20:03:57 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/05/11 09:39:41 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/05/11 09:39:41 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions\es-es@dictionaries.addons.mozilla.org
[2011/05/11 09:39:41 | 000,000,000 | ---D | M] (Dictionnaire français «Moderne») -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions\fr-moderne@dictionaries.addons.mozilla.org
[2011/05/11 10:39:59 | 000,000,000 | ---D | M] (Dizionario italiano) -- C:\Users\Folio\AppData\Roaming\mozilla\Firefox\Profiles\ef7pgx96.default\extensions\it-IT@dictionaries.addons.mozilla.org
[2011/07/02 09:47:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/06/03 19:48:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/06/04 11:12:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/02 09:47:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/04/14 18:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010/01/01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/26 12:49:32 | 000,004,008 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 76 more lines...
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programmi\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files (x86)\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programmi\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] File not found
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1002..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1004..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1004..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-21-3716301854-3167633362-2689926212-1004..\RunOnce: [ScrSav] File not found
O4 - Startup: C:\Users\Folio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adobemasterkeygen55-multi.exe (Adobe Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.103.25.250 62.101.93.101
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c1e65f63-7cb5-11e0-bc5e-1c7508ddb998}\Shell - "" = AutoRun
O33 - MountPoints2\{c1e65f63-7cb5-11e0-bc5e-1c7508ddb998}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/26 14:16:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011/08/26 14:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/26 14:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/08/26 14:08:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2011/08/26 14:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/08/26 13:59:40 | 000,851,968 | ---- | C] (Adobe Inc.) -- C:\Users\Folio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adobemasterkeygen55-multi.exe
[2011/08/26 12:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/08/24 21:13:10 | 000,000,000 | R--D | C] -- C:\Sandbox
[2011/08/24 21:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
[2011/08/24 21:10:08 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2011/08/24 19:13:00 | 000,000,000 | ---D | C] -- C:\Users\Folio\AppData\Roaming\f-secure
[2011/08/24 19:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/08/23 22:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/08/23 20:04:00 | 000,000,000 | ---D | C] -- C:\Users\Folio\AppData\Roaming\QuickScan
[2011/08/23 16:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/08/10 11:30:18 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/08/10 11:30:18 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/08/10 11:30:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/08/10 11:30:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/08/10 11:30:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/08/10 11:30:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/08/10 11:30:17 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/08/10 11:30:17 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/08/10 11:30:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/08/10 11:30:17 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/08/10 11:30:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 11:30:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 11:30:17 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/08/10 11:30:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/08/10 11:30:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 11:30:17 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 11:30:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/08/10 11:30:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/08/10 11:30:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/08/10 11:30:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/08/10 11:30:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 11:30:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/08/10 11:30:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/08/10 11:30:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/08/10 11:30:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/08/10 11:30:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 11:30:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/08/10 11:30:16 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/08/10 11:30:15 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/08/10 11:30:14 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/08/10 11:30:14 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/08/10 11:30:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/08/10 11:30:13 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/08/10 11:30:13 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/08/10 11:30:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/08/10 11:30:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/08/10 11:30:13 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/08/10 11:30:13 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/08/10 11:30:13 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/08/10 11:30:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/08/10 11:30:13 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/08/09 11:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/08/08 17:07:01 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/08/08 16:25:17 | 000,000,000 | ---D | C] -- C:\Users\Folio\Documents\Compostela
[2011/05/11 21:26:51 | 000,339,560 | ---- | C] (NVIDIA Corporation) -- C:\Program Files (x86)\setup.exe

========== Files - Modified Within 30 Days ==========

[2011/08/29 18:09:23 | 000,081,743 | ---- | M] () -- C:\Users\Folio\Desktop\mbam.jpg
[2011/08/29 17:46:00 | 000,001,148 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/29 16:55:13 | 000,000,512 | ---- | M] () -- C:\Users\Folio\Desktop\MBR.dat
[2011/08/29 16:16:56 | 000,017,658 | ---- | M] () -- C:\Users\Folio\AppData\Roaming\Aug
[2011/08/29 15:46:00 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/29 14:54:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/29 12:55:46 | 001,654,598 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/29 12:55:46 | 000,739,466 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2011/08/29 12:55:46 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/29 12:55:46 | 000,146,506 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2011/08/29 12:55:46 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/29 10:15:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 10:15:25 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 10:08:35 | 000,079,360 | ---- | M] () -- C:\Users\Folio\AppData\Roaming\adobemasterkeygen55-multi.exe
[2011/08/29 10:07:48 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/27 10:00:43 | 001,618,700 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/26 22:28:44 | 004,946,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/08/25 23:50:32 | 000,851,968 | ---- | M] (Adobe Inc.) -- C:\Users\Folio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\adobemasterkeygen55-multi.exe
[2011/08/25 10:01:38 | 000,001,978 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011/08/24 23:08:39 | 000,105,980 | ---- | M] () -- C:\Users\Folio\Desktop\REGOLAMENTO_EcoLuogo_2011_g.pdf
[2011/08/23 19:44:04 | 005,572,662 | ---- | M] () -- C:\Users\Folio\AppData\Local\census.cache
[2011/08/23 19:41:45 | 000,000,000 | ---- | M] () -- C:\Users\Folio\AppData\Local\ars.cache
[2011/08/10 12:27:46 | 001,077,616 | ---- | M] () -- C:\Users\Folio\Desktop\_wanted_aumele_2010JUNE.pdf
[2011/08/09 23:04:55 | 000,050,099 | ---- | M] () -- C:\Users\Folio\Desktop\1.pdf
[2011/08/08 17:07:01 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2011/08/29 18:09:23 | 000,081,743 | ---- | C] () -- C:\Users\Folio\Desktop\mbam.jpg
[2011/08/29 16:55:13 | 000,000,512 | ---- | C] () -- C:\Users\Folio\Desktop\MBR.dat
[2011/08/26 22:28:36 | 000,079,360 | ---- | C] () -- C:\Users\Folio\AppData\Roaming\adobemasterkeygen55-multi.exe
[2011/08/26 14:14:44 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2011/08/26 14:14:44 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2011/08/26 14:00:10 | 000,017,658 | ---- | C] () -- C:\Users\Folio\AppData\Roaming\Aug
[2011/08/26 12:43:02 | 001,618,700 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/24 23:08:38 | 000,105,980 | ---- | C] () -- C:\Users\Folio\Desktop\REGOLAMENTO_EcoLuogo_2011_g.pdf
[2011/08/24 21:10:48 | 000,001,978 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/08/10 12:27:46 | 001,077,616 | ---- | C] () -- C:\Users\Folio\Desktop\_wanted_aumele_2010JUNE.pdf
[2011/08/09 23:04:55 | 000,050,099 | ---- | C] () -- C:\Users\Folio\Desktop\1.pdf
[2011/07/15 22:13:13 | 005,572,662 | ---- | C] () -- C:\Users\Folio\AppData\Local\census.cache
[2011/07/15 22:13:13 | 000,000,000 | ---- | C] () -- C:\Users\Folio\AppData\Local\ars.cache
[2011/07/15 21:56:59 | 000,000,036 | ---- | C] () -- C:\Users\Folio\AppData\Local\housecall.guid.cache
[2011/05/12 18:30:46 | 000,000,000 | ---- | C] () -- C:\Users\Folio\AppData\Local\{B9C33626-8887-4D6E-AC08-A65E10485588}
[2011/05/11 21:26:36 | 000,002,656 | ---- | C] () -- C:\Program Files (x86)\Setup.cfg
[2011/05/11 12:40:23 | 000,007,599 | ---- | C] () -- C:\Users\Folio\AppData\Local\resmon.resmoncfg
[2011/05/09 17:38:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/03/03 13:52:21 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/03/03 13:52:20 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/03/03 13:52:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/22 15:19:46 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/05/13 15:09:45 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Abvent
[2011/06/30 00:58:22 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Abvent_Artlantis3
[2011/05/13 11:10:14 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Autodesk
[2011/05/12 21:40:58 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\com.adobe.dmp.contentviewer
[2011/07/01 11:22:07 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Dropbox
[2011/07/12 17:53:49 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\ESET
[2011/08/24 19:13:00 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\f-secure
[2011/06/11 15:43:25 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Mikogo
[2011/06/03 19:50:02 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\OpenOffice.org
[2011/05/11 16:14:49 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\qBittorrent
[2011/08/26 17:55:10 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\QuickScan
[2011/05/11 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\Folio\AppData\Roaming\Thunderbird
[2011/06/14 09:24:43 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

#10 Burbč

    New Member

  • Authentic Member
  • 9 posts

Posted 29 August 2011 - 10:37 AM

EXTRA.TXT


OTL Extras logfile created on: 29/08/2011 18:19:36 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\Folio\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,96% Memory free
7,85 Gb Paging File | 6,43 Gb Available in Paging File | 81,88% Paging File free
Paging file location(s): c:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 120,00 Gb Total Space | 64,08 Gb Free Space | 53,40% Space Free | Partition Type: NTFS

Computer Name: QUADERNO | User Name: Folio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3716301854-3167633362-2689926212-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Folio\AppData\Roaming\ctfmon.exe" = C:\Users\Folio\AppData\Roaming\ctfmon.exe:*:Enabled:Windows Messanger
"C:\Users\Folio\AppData\Roaming\svchast.exe" = C:\Users\Folio\AppData\Roaming\svchast.exe:*:Enabled:Windows Messanger
"C:\Users\Folio\AppData\Roaming\ctfmon.exe" = C:\Users\Folio\AppData\Roaming\ctfmon.exe:*:Enabled:Windows Messanger
"C:\Users\Folio\AppData\Roaming\svchast.exe" = C:\Users\Folio\AppData\Roaming\svchast.exe:*:Enabled:Windows Messanger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5783F2D7-9001-0000-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English
"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EF3602-4C70-408A-8A78-B409716374A0}" = ESET Smart Security
"{9B57A772-BC72-3430-A198-46D48D4F1CCA}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Monitoraggio della tecnologia Intel® Turbo Boost 2.0
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AutoCAD 2011 - English" = AutoCAD 2011 - English
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"Sandboxie" = Sandboxie 3.56 (64-bit)
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{067B277E-F94B-4F04-B380-BA967C00377C}_is1" = MiniTool Partition Wizard Home Edition 6.0
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3AB65E95-37D6-4DD7-8862-29AED3AFD54B}" = Google SketchUp Pro 8
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73262004-8473-4672-8558-0AA4277E0287}_is1" = qBittorrent 2.7.3
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.5 MUI
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2131BFA-A0D6-4FDE-8614-75B07A9B15EE}" = Windows Live UX Platform Language Pack
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Acer Registration" = Acer Registration
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Artlantis Studio 3" = Artlantis Studio 3.0.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"eMule AdunanzA" = AdunanzA
"ESET Online Scanner" = ESET Online Scanner v3
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versione 1.51.0.1200
"Mikogo" = Mikogo
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"pepakura_designer3en" = Pepakura Designer 3
"SSC Service Utility_is1" = SSC Service Utility v4.30
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3716301854-3167633362-2689926212-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe ConnectNow Add-in" = Adobe ConnectNow Add-in
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/07/2011 11:53:18 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 12/07/2011 11:53:19 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 12/07/2011 11:53:39 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 12/07/2011 16:50:07 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 12/07/2011 16:50:17 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 13/07/2011 10:53:03 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 13/07/2011 10:53:03 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 14/07/2011 11:46:26 | Computer Name = Quaderno | Source = Application Hang | ID = 1002
Description = Il programma firefox.exe versione 2.0.1.4120 non interagisce più con
Windows ed è stato chiuso. Per vedere se sono disponibili ulteriori informazioni
sul problema, verificare la cronologia del problema in Centro operativo nel Pannello
di controllo. ID processo: 10e8 Ora di avvio: 01cc423a1239fb74 Ora di chiusura: 16

Percorso
applicazione: C:\Program Files (x86)\Mozilla Firefox\firefox.exe ID segnalazione:
42ac28cf-ae30-11e0-9339-1c7508ddb998

Error - 15/07/2011 11:54:36 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

Error - 08/08/2011 10:23:00 | Computer Name = Quaderno | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 08/08/2011 10:48:20 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:20 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:20 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:20 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:20 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:22 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:22 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:22 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Browser di computer dipende dal servizio Server che non
è stato avviato per il seguente errore: %%1068

Error - 08/08/2011 10:48:26 | Computer Name = Quaderno | Source = Service Control Manager | ID = 7001
Description = Il servizio Provider Gruppo Home dipende dal servizio Host provider
di individuazione funzioni che non è stato avviato per il seguente errore: %%1068

Error - 10/08/2011 09:41:11 | Computer Name = Quaderno | Source = Disk | ID = 262159
Description = Il dispositivo \Device\Harddisk1\DR2 non è ancora pronto per l'accesso.


< End of report >

#11 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 August 2011 - 10:58 AM

Hi,

Download CKScanner by askey127 from Here & save it to your Desktop.
  • Double-click CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply


 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
Just a reminder that threads will be closed if no reply in 3 days.

#12 Burbč

Burbč

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 29 August 2011 - 11:30 AM

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.ZZ.11.CPAPGV ----- EOF -----

#13 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 29 August 2011 - 12:05 PM

Hi,

You have a pretty nice collection of illegal software on your system; this is how you infected your computer. Besides it being illegal, cracks/keygens are one of the fastest ways of infecting your system: almost 100% of illegal software contains some form of malicious code. This forum, as well as all the other malware removal forums, does not support the use of illegal software; if I was to continue helping you it could be construed in the eyes of the law as aiding and abetting a crime. If you want to continue, what I need you to do is to look through the CKScanner log and uninstall all the illegal software that you have downloaded and installed, even your Anti Virus software is illegal. That's a shame because there are many free antivirus programs that you could have installed. After you uninstall them all, run CKScanner again and post a new log. If I don't hear back from you in 24 hours this thread will be closed and no more help will be offered.


#14 Burbč

Burbč

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 30 August 2011 - 08:01 AM

This is not my PC. Thank you anyway. Bye, g.

#15 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 30 August 2011 - 10:10 AM

Regardless of whose computer it is, if you don't want to remove the stolen software from this system then no help will be provided. This topic is now closed.

