[code] OTScanIt logfile created on: 2008-05-30 21:36:59 OTScanIt by OldTimer - Version 1.0.15.6 Folder = C:\Documents and Settings\Steve\Desktop\OTScanIt Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: yyyy-MM-dd 511.49 Mb Total Physical Memory | 214.26 Mb Available Physical Memory | 41.89% Memory free 1.22 Gb Paging File | 0.89 Gb Available in Paging File | 72.74% Paging File free Paging file location(s): C:\pagefile.sys 768 1536; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi Drive C: | 33.20 Gb Total Space | 13.56 Gb Free Space | 40.83% Space Free | Partition Type: NTFS Drive D: | 30.26 Gb Total Space | 23.28 Gb Free Space | 76.94% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 12.85 Gb Total Space | 3.37 Gb Free Space | 26.22% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LUCA Current User Name: Steve Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users [Processes - Non-Microsoft Only] acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 2006-01-12 21:52:32 | Attr = ] cthelper.exe -> %SystemRoot%\system32\CTHELPER.EXE -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 2002-07-02 18:56:00 | Attr = ] avgtray.exe -> %ProgramFiles%\AVG\AVG8\avgtray.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 2008-05-18 14:26:06 | Attr = ] jusched.exe -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] superantispyware.exe -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe -> SUPERAntiSpyware.com [Ver = 4, 1, 0, 1046 | Size = 1510640 bytes | Modified Date = 2008-05-13 12:43:56 | Attr = ] bttray.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 499773 bytes | Modified Date = 2003-10-21 22:51:52 | Attr = ] btstac~1.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTStackServer.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 1126484 bytes | Modified Date = 2003-10-21 22:50:58 | Attr = ] avgwdsvc.exe -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 2008-05-18 14:26:05 | Attr = ] btwdins.exe -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 2003-07-29 17:05:38 | Attr = ] slserv.exe -> %SystemRoot%\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 2004-08-20 00:39:44 | Attr = ] avgrsx.exe -> %ProgramFiles%\AVG\AVG8\avgrsx.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.84 | Size = 311576 bytes | Modified Date = 2008-05-18 14:26:06 | Attr = ] otscanit.exe -> %UserProfile%\Desktop\OTScanIt\OTScanIt.exe -> OldTimer Tools [Ver = 1.0.15.6 | Size = 374272 bytes | Modified Date = 2008-05-30 14:15:30 | Attr = ] [Win32 Services - Non-Microsoft Only] (Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> Adobe Systems [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 2006-01-14 21:35:57 | Attr = ] (Apple Mobile Device) Apple Mobile Device [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> Apple, Inc. [Ver = 1, 14, 0, 0 | Size = 110592 bytes | Modified Date = 2007-09-06 13:28:18 | Attr = ] (Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 405504 bytes | Modified Date = 2006-01-25 05:45:24 | Attr = ] (ATI Smart) ATI Smart [Win32_Own | Disabled | Stopped] -> %SystemRoot%\system32\ati2sgag.exe -> [Ver = 5.13.0025 | Size = 520192 bytes | Modified Date = 2006-01-26 09:57:00 | Attr = ] (avg8wd) AVG8 WatchDog [Win32_Own | Auto | Running] -> %ProgramFiles%\AVG\AVG8\avgwdsvc.exe -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.100 | Size = 282904 bytes | Modified Date = 2008-05-18 14:26:05 | Attr = ] (btwdins) Bluetooth Service [Win32_Own | Auto | Running] -> %ProgramFiles%\WIDCOMM\Bluetooth Software\bin\btwdins.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 135168 bytes | Modified Date = 2003-07-29 17:05:38 | Attr = ] (dmadmin) Servizio amministrativo di Gestione disco logico [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 225280 bytes | Modified Date = 2004-08-20 00:39:35 | Attr = ] (gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 2007-01-04 03:40:21 | Attr = ] (IDriverT) InstallDriver Table Manager [Win32_Own | Disabled | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 2005-04-04 01:41:10 | Attr = ] (iPod Service) Servizio iPod [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 503608 bytes | Modified Date = 2007-09-26 14:41:56 | Attr = ] (ScsiAccess) ScsiAccess [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\ProShowGold\scsiaccess.exe -> [Ver = | Size = 181312 bytes | Modified Date = 2005-11-01 19:39:28 | Attr = ] (SLService) SmartLinkService [Win32_Own | Auto | Running] -> %SystemRoot%\system32\slserv.exe -> Smart Link [Ver = 3.80.01MC15 | Size = 73796 bytes | Modified Date = 2004-08-20 00:39:44 | Attr = ] [Registry - Non-Microsoft Only] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Acrobat Assistant 7.0 -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> Adobe Systems Inc. [Ver = 7.0.7.2006011200 | Size = 483328 bytes | Modified Date = 2006-01-12 21:52:32 | Attr = ] AVG8_TRAY -> %ProgramFiles%\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.94 | Size = 1177368 bytes | Modified Date = 2008-05-18 14:26:06 | Attr = ] Jet Detection -> %ProgramFiles%\Creative\SBLive\Program\ADGJDet.exe [C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe] -> [Ver = 1, 0, 2, 0 | Size = 28672 bytes | Modified Date = 2001-11-29 02:00:00 | Attr = ] SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_06\bin\jusched.exe ["C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 144784 bytes | Modified Date = 2008-03-25 04:28:02 | Attr = ] UpdReg -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 2000-05-11 02:00:00 | Attr = ] WINDVDPatch -> %SystemRoot%\system32\CTHELPER.EXE [CTHELPER.EXE] -> Creative Technology Ltd [Ver = 1, 0, 0, 2 | Size = 24576 bytes | Modified Date = 2002-07-02 18:56:00 | Attr = ] < OptionalComponents [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ -> IMAIL-> Installed = 1 -> MAPI-> Installed = 1 -> MSFS-> Installed = 1 -> < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Programmi\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 03:23:34 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 1, 0, 1046 | Size = 1510640 bytes | Modified Date = 2008-05-13 12:43:56 | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 16:45:08 | Attr = ] < Run [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> Picasa Media Detector -> %ProgramFiles%\Picasa2\PicasaMediaDetector.exe [C:\Programmi\Picasa2\PicasaMediaDetector.exe] -> Google Inc. [Ver = 2.7.37.49 | Size = 443968 bytes | Modified Date = 2008-02-26 03:23:34 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware\SUPERAntiSpyware.exe [C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe] -> SUPERAntiSpyware.com [Ver = 4, 1, 0, 1046 | Size = 1510640 bytes | Modified Date = 2008-05-13 12:43:56 | Attr = ] updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1] -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 2006-03-30 16:45:08 | Attr = ] < All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica -> %AllUsersProfile%\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk -> %SystemRoot%\Installer\{AC76BA86-1034-4700-7760-000000000002}\SC_Acrobat.exe -> [Ver = | Size = 25214 bytes | Modified Date = 2007-02-09 22:02:35 | Attr = R ] %AllUsersProfile%\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk -> %ProgramFiles%\WIDCOMM\Bluetooth Software\BTTray.exe -> WIDCOMM, Inc. [Ver = 1.4.2 Build 10 | Size = 499773 bytes | Modified Date = 2003-10-21 22:51:52 | Attr = ] < Default User Startup Folder > -> C:\Documents and Settings\Default User\Menu Avvio\Programmi\Esecuzione automatica -> < Luk Startup Folder > -> C:\Documents and Settings\Luk\Menu Avvio\Programmi\Esecuzione automatica -> %SystemDrive%\Documents and Settings\Luk\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a daemon.lnk -> %ProgramFiles%\D-Tools\daemon.exe -> DAEMON'S HOME [Ver = 3.47.0.0 | Size = 81920 bytes | Modified Date = 2004-08-22 17:05:02 | Attr = ] < Steve Startup Folder > -> C:\Documents and Settings\Steve\Menu Avvio\Programmi\Esecuzione automatica -> < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\SUPERAntiSpyware\SASSEH.DLL [] -> SuperAdBlocker.com [Ver = 1, 0, 0, 1012 | Size = 77824 bytes | Modified Date = 2008-05-13 10:13:36 | Attr = ] < SecurityProviders [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> *SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders -> zwebauth.dll -> %SystemRoot%\system32\ZWebAuth.dll -> [Ver = | Size = 16973 bytes | Modified Date = 2001-09-18 18:37:34 | Attr = ] *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon settings [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> !SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 2007-04-19 13:41:36 | Attr = ] AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4129 | Size = 61440 bytes | Modified Date = 2006-01-25 05:46:38 | Attr = ] WRNotifier -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> . [67108863] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [255] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> . [1073741857] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> . [32] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLegacyLogonScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideLogoffScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunLogonScriptSync -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\RunStartupScriptSync -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\HideStartupScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> . [145] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLegacyLogonScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideLogoffScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunLogonScriptSync -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\RunStartupScriptSync -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideStartupScripts -> . [0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WindowsUpdate\ -> -> < CDROM Autorun Settings > [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\ -> -> *DependOnGroup* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DependOnGroup -> SCSI miniport -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ErrorControl -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Group -> . [SCSI CDROM Class] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Start -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Tag -> . [2] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\Type -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\DisplayName -> Driver del CD-ROM -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\ImagePath -> C:\WINDOWS\system32\drivers\cdrom.sys [System32\DRIVERS\cdrom.sys] -> Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 49536 bytes | Modified Date = 2004-08-04 07:59:52 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun -> . [1] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] *AutoRunAlwaysDisable* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRunAlwaysDisable -> NEC MBR-7 -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] NEC MBR-7.4 -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] PIONEER CHANGR DRM-1804X -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] PIONEER CD-ROM DRM-6324X -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] PIONEER CD-ROM DRM-624X -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] TORiSAN CD-ROM CDR_C36 -> . -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] *MultiFile Done* -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\ -> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\0 -> . [IDE\CdRomHL-DT-ST_CD-RW_GCE-8524B________________1.00____\5&14576fb3&0&0.0.0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\Count -> . [3] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\NextInstance -> . [3] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\1 -> . [IDE\CdRomHL-DT-ST_DVD-ROM_GDR8163B_______________0L23____\5&14576fb3&0&0.1.0] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum\\2 -> . [SCSI\CdRom&Ven_Generic&Prod_DVD-ROM&Rev_1.0\2&12b1de20&0&000] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] < Drives - Autoruns > -> -> AUTOEXEC.BAT [SET PATH=C:\PROGRA~1\ERL2000\BIN | ] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [Ver = | Size = 34 bytes | Modified Date = 2005-01-04 12:24:41 | Attr = ] < HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts -> < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://www.google.it -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.google.it/ -> HKEY_CURRENT_USER\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_CURRENT_USER\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_CURRENT_USER\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\.DEFAULT\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\.DEFAULT\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-18\: Main\\Start Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> HKEY_USERS\S-1-5-18\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> HKEY_USERS\S-1-5-19\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> HKEY_USERS\S-1-5-20\: ProxyEnable -> 0 -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Main\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Main\\Start Page -> http://www.google.it/ -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Search\\Default_Search_URL -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: Search\\SearchAssistant -> http://www.google.com/ie -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: SearchURL\\ -> http://www.google.com/search?q=%s[gogl] -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\: ProxyEnable -> 0 -> < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 58 domain(s) found. -> .[msn] -> Risorse del computer -> picasaweb_google.it [http] -> Siti attendibili -> 9 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1217 domain(s) found. -> 72 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 33 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1217 domain(s) found. -> 72 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 33 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1217 domain(s) found. -> 72 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 33 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1217 domain(s) found. -> 72 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 33 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 58 domain(s) found. -> .[msn] -> Risorse del computer -> picasaweb_google.it [http] -> Siti attendibili -> 9 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 2006-12-18 05:16:41 | Attr = ] {31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\GetRight\xx2gr.dll [bho2gr Class] -> Headlight Software, Inc. [Ver = 5.2b | Size = 233472 bytes | Modified Date = 2004-12-06 14:48:02 | Attr = ] {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgssie.dll [AVG Safe Search] -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.90 | Size = 419096 bytes | Modified Date = 2008-05-18 14:26:07 | Attr = ] {53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {AE7CD045-E861-484f-8273-0445EE161910} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {182EC0BE-5110-49C8-A062-BEB1D02A220B} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer Bars [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> {47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} [HKEY_CURRENT_USER] -> %ProgramFiles%\Java\jre1.6.0_06\bin\ssv.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 509328 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] {CCA281CA-C863-46ef-9331-5C8D4460577F}: [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [@btrez.dll,-4015] -> File not found {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> Converti destinazione link in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti destinazione link in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti i link selezionati in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti i link selezionati in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti nel file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti selezione in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti selezione in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Java\jre1.6.0_06\bin\npjpi160_06.dll [Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 132496 bytes | Modified Date = 2008-03-25 04:28:01 | Attr = ] CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKEY_LOCAL_MACHINE] -> [@btrez.dll,-4015] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search && Destroy Configuration] -> Safer Networking Limited [Ver = 1, 5, 0, 11 | Size = 1554256 bytes | Modified Date = 2008-01-28 11:43:28 | Attr = ] < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\] > -> HKEY_USERS\S-1-5-21-854245398-1580436667-1801674531-1004\Software\Microsoft\Internet Explorer\MenuExt\ -> Converti destinazione link in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti destinazione link in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti i link selezionati in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti i link selezionati in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti nel file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti selezione in Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] Converti selezione in file PDF esistente -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 231160 bytes | Modified Date = 2006-12-18 05:18:14 | Attr = ] < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Galleria ActiveX Microsoft -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {E0ACADAD-59D8-4139-A2D8-C117330B3710} -> 193.70.192.25,193.70.152.25 (NVIDIA nForce MCP Networking Controller) -> {E65CF3BD-CBCB-4BDC-BD73-AFA566485E7A} -> () -> {FF634565-EBB0-41A5-A616-2E95F257DEFF} -> (D-Link AirPlus G DWL-G122 Wireless USB Adapter(rev.B)) -> < Default Protocols [HKEY_USERS\.DEFAULT\] - Select to Repair > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-18\] - Select to Repair > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-19\] - Select to Repair > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Default Protocols [HKEY_USERS\S-1-5-20\] - Select to Repair > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults -> shell -> shell protocol not assigned -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> ipp: [HKEY_LOCAL_MACHINE] -> No CLSID value linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\AVG\AVG8\avgpp.dll[XPLPPFilter Class] -> AVG Technologies CZ, s.r.o. [Ver = | Size = 79128 bytes | Modified Date = 2008-05-18 14:26:14 | Attr = ] msdaipp: [HKEY_LOCAL_MACHINE] -> No CLSID value skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKEY_LOCAL_MACHINE] -> %CommonProgramFiles%\Skype\Skype4COM.dll[IEProtocolHandler Class] -> Skype Technologies [Ver = 1, 0, 28, 2 | Size = 1934672 bytes | Modified Date = 2007-12-07 16:08:02 | Attr = R ] < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}[HKEY_LOCAL_MACHINE] -> http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab[CKAVWebScan Object] -> {166B1BCA-3F9C-11CF-8075-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab[Shockwave ActiveX Control] -> {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}[HKEY_LOCAL_MACHINE] -> http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab[ActiveScan 2.0 Installer Class] -> {8AD9C840-044E-11D1-B3E9-00805F499D93}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}[HKEY_LOCAL_MACHINE] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab[Java Plug-in 1.6.0_06] -> {D27CDB6E-AE6D-11CF-96B8-444553540000}[HKEY_LOCAL_MACHINE] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> < Module Usage Keys [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\.Owner -> . [{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/as2stubie.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hrtbeat.ocx\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hrtbeat.ocx\\.Owner -> . [{E5D419D6-A846-4514-9FAD-97E826C84822}] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/hrtbeat.ocx\\{E5D419D6-A846-4514-9FAD-97E826C84822} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\.Owner -> . [{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/libcomm.dll\\{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RdxIE.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RdxIE.dll\\.Owner -> . [{56336BCB-3D8A-11D6-A00B-0050DA18DE71}] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/RdxIE.dll\\{56336BCB-3D8A-11D6-A00B-0050DA18DE71} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zsetup.exe\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zsetup.exe\\.Owner -> . [{E5D419D6-A846-4514-9FAD-97E826C84822}] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/zsetup.exe\\{E5D419D6-A846-4514-9FAD-97E826C84822} -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\PowerDVD -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/danim.dll\\.Owner -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\PowerDVD -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/ddrawex.dll\\.Owner -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/msvcp60.dll\\.Owner -> . [Unknown Owner] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\ -> -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\PowerDVD -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/system32/quartz.dll\\.Owner -> . [PowerDVD] -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] [Registry - Additional Scans - Non-Microsoft Only] < Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services -> Adobe LM Service -> -> Apple Mobile Device -> -> Ati HotKey Poller -> -> ATI Smart -> -> C-DillaCdaC11BA -> -> IDriverT -> -> iPod Service -> -> ose -> -> ScsiAccess -> -> UMWdf -> -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> FinePrint Dispatcher v5 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\spool\drivers\w32x86\3\fpdisp5a.exe -> FinePrint Software, LLC [Ver = 5.43 | Size = 483328 bytes | Modified Date = 2005-07-18 22:06:54 | Attr = ] iTunesHelper hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Inc. [Ver = 7.4.3.1 | Size = 267064 bytes | Modified Date = 2007-09-26 14:42:04 | Attr = ] NeroFilterCheck hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\system32\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 2001-07-09 11:50:42 | Attr = ] PDC_smon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\PDC_smon.exe -> Eutron [Ver = 1.1.0005 | Size = 20480 bytes | Modified Date = 2001-08-04 15:48:24 | Attr = ] QuickTime Task hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.2 | Size = 286720 bytes | Modified Date = 2007-06-29 06:24:52 | Attr = ] SMSERIAL hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\sm56hlpr.exe -> Motorola Inc. [Ver = 6.02.13 | Size = 548864 bytes | Modified Date = 2003-04-23 15:48:20 | Attr = ] SNPSTD2 hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %SystemRoot%\vsnpstd2.exe -> [Ver = 1, 0, 1, 2 | Size = 286720 bytes | Modified Date = 2004-08-30 16:37:08 | Attr = ] TkBellExe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> RealNetworks, Inc. [Ver = 0.1.0.3292 | Size = 180269 bytes | Modified Date = 2005-09-05 12:35:50 | Attr = ] [Files/Folders - Created Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Created Date = 2008-05-18 15:08:34 | Attr = H ] Deckard -> %SystemDrive%\Deckard -> [Folder | Created Date = 2008-05-30 20:39:40 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536403968 bytes | Created Date = 2008-05-26 14:25:20 | Attr = HS] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Created Date = 2008-05-30 20:22:02 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Created Date = 2008-05-18 14:26:14 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Created Date = 2008-05-18 14:26:14 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 24157875 bytes | Created Date = 2008-05-18 14:26:14 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 66038 bytes | Created Date = 2008-05-18 14:26:14 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Created Date = 2008-05-18 14:26:14 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Created Date = 2008-05-18 14:26:21 | Attr = ] cdr4_xp.sys -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2432 bytes | Created Date = 2008-04-02 16:05:52 | Attr = ] cdralw2k.sys -> %SystemRoot%\System32\drivers\cdralw2k.sys -> Sonic Solutions [Ver = 8.0.0.212 | Size = 2560 bytes | Created Date = 2008-04-02 16:05:52 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Created Date = 2008-05-18 14:26:22 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-05-25 18:20:12 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Created Date = 2008-05-25 18:20:12 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Created Date = 2008-05-25 18:20:12 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Created Date = 2008-05-25 18:20:12 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Created Date = 2008-05-23 12:17:43 | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 68764 bytes | Created Date = 2008-04-05 18:22:30 | Attr = H ] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 2008-05-26 14:04:46 | Attr = ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Created Date = 2008-05-25 20:16:30 | Attr = ] TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 2008-05-25 20:14:15 | Attr = ] bcwzfq.job -> %SystemRoot%\tasks\bcwzfq.job -> [Ver = | Size = 220 bytes | Created Date = 2008-03-15 19:31:48 | Attr = RH ] [Files Created - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Dati applicazioni\avg8 -> [Folder | Created Date = 2008-05-18 14:26:04 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Dati applicazioni\Kaspersky Lab -> [Folder | Created Date = 2008-05-23 12:17:46 | Attr = ] Malwarebytes -> %AllUsersProfile%\Dati applicazioni\Malwarebytes -> [Folder | Created Date = 2008-05-26 17:04:12 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Dati applicazioni\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-28 17:46:52 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Created Date = 2008-05-26 17:04:21 | Attr = ] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Created Date = 2008-05-28 17:46:39 | Attr = ] Google -> %UserProfile%\Impostazioni locali\Dati applicazioni\Google -> [Folder | Created Date = 2008-04-02 16:05:54 | Attr = ] 730_2008 zia Elide.doc -> %UserProfile%\Documenti\730_2008 zia Elide.doc -> [Ver = | Size = 41984 bytes | Created Date = 2008-04-04 18:07:03 | Attr = ] Bonifico_Renzo_Lumini_2008.pdf -> %UserProfile%\Documenti\Bonifico_Renzo_Lumini_2008.pdf -> [Ver = | Size = 26560 bytes | Created Date = 2008-04-10 16:52:08 | Attr = ] CV_a_Venerdì14.pdf -> %UserProfile%\Documenti\CV_a_Venerdì14.pdf -> [Ver = | Size = 62601 bytes | Created Date = 2008-03-14 19:09:41 | Attr = ] essexboy.doc -> %UserProfile%\Documenti\essexboy.doc -> [Ver = | Size = 31232 bytes | Created Date = 2008-05-30 21:25:40 | Attr = ] Kasp_Report.html -> %UserProfile%\Documenti\Kasp_Report.html -> [Ver = | Size = 83456 bytes | Created Date = 2008-05-30 17:09:43 | Attr = ] MalWare -> %UserProfile%\Documenti\MalWare -> [Folder | Created Date = 2008-05-23 21:23:11 | Attr = ] Orario_Luca_3°P.pdf -> %UserProfile%\Documenti\Orario_Luca_3°P.pdf -> [Ver = | Size = 56206 bytes | Created Date = 2008-04-21 09:50:33 | Attr = ] TARSU_2008.pdf -> %UserProfile%\Documenti\TARSU_2008.pdf -> [Ver = | Size = 27355 bytes | Created Date = 2008-05-29 12:29:28 | Attr = ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1479 bytes | Created Date = 2008-05-18 14:26:23 | Attr = ] Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 638 bytes | Created Date = 2008-04-02 16:05:50 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 752 bytes | Created Date = 2008-05-28 17:46:42 | Attr = ] Thumbs.db -> %AllUsersProfile%\Desktop\Thumbs.db -> [Ver = | Size = 6144 bytes | Created Date = 2008-03-31 15:32:19 | Attr = HS] @Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Desktop\Thumbs.db:encryptable dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Created Date = 2008-05-30 20:38:48 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier LSPFix.exe -> %UserProfile%\Desktop\LSPFix.exe -> CEXX.ORG [Ver = 1.1.0.0 | Size = 186880 bytes | Created Date = 2008-05-30 17:51:30 | Attr = ] OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Created Date = 2008-05-30 20:13:05 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Created Date = 2008-05-30 21:30:35 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544711 bytes | Created Date = 2008-05-30 21:29:33 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 905 bytes | Created Date = 2008-05-22 15:47:49 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Created Date = 2008-05-25 18:19:23 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Created Date = 2008-05-28 17:45:47 | Attr = ] AVG -> %ProgramFiles%\AVG -> [Folder | Created Date = 2008-05-18 14:26:04 | Attr = ] Google -> %ProgramFiles%\Google -> [Folder | Created Date = 2008-04-02 16:05:43 | Attr = ] HijackThis -> %ProgramFiles%\HijackThis -> [Folder | Created Date = 2008-05-19 15:07:07 | Attr = ] Panda Security -> %ProgramFiles%\Panda Security -> [Folder | Created Date = 2008-05-21 21:34:03 | Attr = ] Picasa2 -> %ProgramFiles%\Picasa2 -> [Folder | Created Date = 2008-04-02 16:05:33 | Attr = ] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [Folder | Created Date = 2008-05-22 15:47:45 | Attr = ] SUPERAntiSpyware -> %ProgramFiles%\SUPERAntiSpyware -> [Folder | Created Date = 2008-05-28 17:46:39 | Attr = ] [Files/Folders - Modified Within 90 days] $AVG8.VAULT$ -> %SystemDrive%\$AVG8.VAULT$ -> [Folder | Modified Date = 2008-05-30 14:14:58 | Attr = H ] boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 2008-03-06 16:21:04 | Attr = HS] Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 2008-05-28 17:46:43 | Attr = HS] Deckard -> %SystemDrive%\Deckard -> [Folder | Modified Date = 2008-05-30 20:39:40 | Attr = ] Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 2008-05-19 16:44:31 | Attr = ] hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 536403968 bytes | Modified Date = 2008-05-30 14:11:36 | Attr = HS] Programmi -> %ProgramFiles% -> [Folder | Modified Date = 2008-05-28 17:46:39 | Attr = R ] System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 2008-05-23 20:21:13 | Attr = HS] WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 2008-05-30 15:08:01 | Attr = ] _OTMoveIt -> %SystemDrive%\_OTMoveIt -> [Folder | Modified Date = 2008-05-30 20:22:02 | Attr = ] msjetol1.dll -> %SystemRoot%\System32\dllcache\msjetol1.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 06:50:40 | Attr = ] Avg -> %SystemRoot%\System32\drivers\Avg -> [Folder | Modified Date = 2008-05-30 14:14:45 | Attr = ] avi7.avg -> %SystemRoot%\System32\drivers\Avg\avi7.avg -> [Ver = | Size = 5618689 bytes | Modified Date = 2008-05-18 14:26:14 | Attr = ] incavi.avm -> %SystemRoot%\System32\drivers\Avg\incavi.avm -> [Ver = | Size = 24157875 bytes | Modified Date = 2008-05-30 14:14:42 | Attr = ] microavi.avg -> %SystemRoot%\System32\drivers\Avg\microavi.avg -> [Ver = | Size = 66038 bytes | Modified Date = 2008-05-30 14:14:42 | Attr = ] miniavi.avg -> %SystemRoot%\System32\drivers\Avg\miniavi.avg -> [Ver = | Size = 838585 bytes | Modified Date = 2008-05-22 10:14:59 | Attr = ] avgldx86.sys -> %SystemRoot%\System32\drivers\avgldx86.sys -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.58 | Size = 96520 bytes | Modified Date = 2008-05-18 14:26:21 | Attr = ] avgmfx86.sys -> %SystemRoot%\System32\drivers\avgmfx86.sys -> GRISOFT, s.r.o. [Ver = 8.0.0.46 | Size = 26184 bytes | Modified Date = 2008-05-18 14:26:19 | Attr = ] etc -> %SystemRoot%\System32\drivers\etc -> [Folder | Modified Date = 2008-05-26 14:10:13 | Attr = ] HOSTS -> %SystemRoot%\System32\drivers\etc\HOSTS -> [Ver = | Size = 686 bytes | Modified Date = 2008-05-26 14:10:13 | Attr = ] avgrsstx.dll -> %SystemRoot%\System32\avgrsstx.dll -> AVG Technologies CZ, s.r.o. [Ver = 8.0.0.80 | Size = 10520 bytes | Modified Date = 2008-05-18 14:26:22 | Attr = ] BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> %SystemRoot%\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> [Ver = | Size = 24672 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] BMXCtrlState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> %SystemRoot%\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> [Ver = | Size = 24672 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] BMXState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> %SystemRoot%\System32\BMXState-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> [Ver = | Size = 16420 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] BMXStateBkp-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> %SystemRoot%\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000002-00201102}.rfx -> [Ver = | Size = 16420 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] CatRoot2 -> %SystemRoot%\System32\CatRoot2 -> [Folder | Modified Date = 2008-05-30 20:40:00 | Attr = ] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> dllcache -> %SystemRoot%\System32\dllcache -> [Folder | Modified Date = 2008-05-14 23:25:58 | Attr = RHS] drivers -> %SystemRoot%\System32\drivers -> [Folder | Modified Date = 2008-05-26 20:00:31 | Attr = ] DVCState-{00000001-00000000-0000000A-00001102-00000002-00201102}.dat -> %SystemRoot%\System32\DVCState-{00000001-00000000-0000000A-00001102-00000002-00201102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] DVCStateBkp-{00000001-00000000-0000000A-00001102-00000002-00201102}.dat -> %SystemRoot%\System32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000002-00201102}.dat -> [Ver = | Size = 24 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [Ver = | Size = 368896 bytes | Modified Date = 2008-04-10 11:43:44 | Attr = ] java.exe -> %SystemRoot%\System32\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 2008-03-25 01:28:39 | Attr = ] javacpl.cpl -> %SystemRoot%\System32\javacpl.cpl -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 69632 bytes | Modified Date = 2008-03-25 02:37:01 | Attr = ] javaw.exe -> %SystemRoot%\System32\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 135168 bytes | Modified Date = 2008-03-25 01:28:43 | Attr = ] javaws.exe -> %SystemRoot%\System32\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.60.2 | Size = 139264 bytes | Modified Date = 2008-03-25 02:37:01 | Attr = ] Kaspersky Lab -> %SystemRoot%\System32\Kaspersky Lab -> [Folder | Modified Date = 2008-05-23 12:17:43 | Attr = ] mlfcache.dat -> %SystemRoot%\System32\mlfcache.dat -> [Ver = | Size = 68764 bytes | Modified Date = 2008-04-05 18:22:30 | Attr = H ] msjetoledb40.dll -> %SystemRoot%\System32\msjetoledb40.dll -> [Ver = | Size = 355112 bytes | Modified Date = 2008-03-25 06:50:40 | Attr = ] perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [Ver = | Size = 61636 bytes | Modified Date = 2008-03-30 11:34:39 | Attr = ] perfc010.dat -> %SystemRoot%\System32\perfc010.dat -> [Ver = | Size = 74304 bytes | Modified Date = 2008-03-30 11:34:39 | Attr = ] perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [Ver = | Size = 401212 bytes | Modified Date = 2008-03-30 11:34:39 | Attr = ] perfh010.dat -> %SystemRoot%\System32\perfh010.dat -> [Ver = | Size = 449046 bytes | Modified Date = 2008-03-30 11:34:39 | Attr = ] PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [Ver = | Size = 998174 bytes | Modified Date = 2008-03-30 11:34:39 | Attr = ] Restore -> %SystemRoot%\System32\Restore -> [Folder | Modified Date = 2008-05-23 20:21:13 | Attr = ] settings.sfm -> %SystemRoot%\System32\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] settingsbkup.sfm -> %SystemRoot%\System32\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 2008-05-29 22:56:53 | Attr = ] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [Ver = | Size = 2206 bytes | Modified Date = 2008-05-30 14:11:46 | Attr = ] $hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 2008-05-14 15:49:15 | Attr = H ] 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 2008-05-30 14:11:41 | Attr = S] Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 2008-05-23 20:23:29 | Attr = S] ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 2008-05-26 14:05:00 | Attr = ] Fonts -> %SystemRoot%\Fonts -> [Folder | Modified Date = 2008-05-19 14:29:02 | Attr = R S] imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 1374 bytes | Modified Date = 2008-05-14 23:26:05 | Attr = ] inf -> %SystemRoot%\inf -> [Folder | Modified Date = 2008-05-23 12:17:43 | Attr = H ] Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 2008-05-28 17:46:43 | Attr = HS] Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 2008-05-18 14:31:32 | Attr = ] PSEXESVC.EXE -> %SystemRoot%\PSEXESVC.EXE -> Sysinternals [Ver = 1.70 | Size = 53248 bytes | Modified Date = 2008-05-25 20:16:30 | Attr = ] system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 2008-05-25 20:16:34 | Attr = ] system32 -> %SystemRoot%\system32 -> [Folder | Modified Date = 2008-05-29 15:45:50 | Attr = ] Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 2008-03-15 19:31:48 | Attr = S] TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 2008-05-30 21:37:10 | Attr = ] win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1259 bytes | Modified Date = 2008-03-06 16:21:04 | Attr = ] winamp.ini -> %SystemRoot%\winamp.ini -> [Ver = | Size = 1125 bytes | Modified Date = 2008-05-09 16:03:49 | Attr = ] WININIT.INI -> %SystemRoot%\WININIT.INI -> [Ver = | Size = 8232 bytes | Modified Date = 2008-05-22 16:25:42 | Attr = ] WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 2008-05-18 14:25:52 | Attr = ] {00000001-00000000-0000000A-00001102-00000002-00201102}.BAK -> %SystemRoot%\{00000001-00000000-0000000A-00001102-00000002-00201102}.BAK -> [Ver = | Size = 3373917 bytes | Modified Date = 2008-05-30 14:12:07 | Attr = ] {00000001-00000000-0000000A-00001102-00000002-00201102}.CDF -> %SystemRoot%\{00000001-00000000-0000000A-00001102-00000002-00201102}.CDF -> [Ver = | Size = 3373917 bytes | Modified Date = 2008-05-30 14:12:07 | Attr = ] bcwzfq.job -> %SystemRoot%\tasks\bcwzfq.job -> [Ver = | Size = 220 bytes | Modified Date = 2008-03-15 19:31:48 | Attr = RH ] SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 2008-05-30 14:11:51 | Attr = H ] C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader -> [Folder | Modified Date = 2004-03-06 00:53:13 | Attr = ] qmgr0.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat -> [Ver = | Size = 6626 bytes | Modified Date = 2008-05-30 14:13:54 | Attr = ] qmgr1.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat -> [Ver = | Size = 6626 bytes | Modified Date = 2008-05-30 14:13:54 | Attr = ] C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA -> [Folder | Modified Date = 2004-03-04 20:45:12 | Attr = ] opa11.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\OFFICE\DATA\opa11.dat -> [Ver = | Size = 8206 bytes | Modified Date = 2004-03-04 20:45:12 | Attr = ] C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Genuine Advantage\data\ -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Genuine Advantage\data -> [Folder | Modified Date = 2005-01-14 12:10:08 | Attr = ] data.dat -> C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Windows Genuine Advantage\data\data.dat -> [Ver = | Size = 2756 bytes | Modified Date = 2005-01-14 12:10:12 | Attr = ] C:\Documents and Settings\Steve\Impostazioni locali\temp\ -> C:\Documents and Settings\Steve\Impostazioni locali\temp -> [Folder | Modified Date = 2008-05-30 21:36:37 | Attr = ] Install_WLMessenger.exe -> C:\Documents and Settings\Steve\Impostazioni locali\temp\Install_WLMessenger.exe -> Microsoft Corporation [Ver = 12.0.2000.1009 | Size = 20334608 bytes | Modified Date = 2007-10-28 06:47:28 | Attr = ] SSUPDATE.EXE -> C:\Documents and Settings\Steve\Impostazioni locali\temp\SSUPDATE.EXE -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1034 | Size = 158960 bytes | Modified Date = 2008-05-13 12:43:54 | Attr = ] 1 C:\Documents and Settings\Steve\Impostazioni locali\temp\*.tmp files -> C:\Documents and Settings\Steve\Impostazioni locali\temp\*.tmp -> [Files Modified - Additional Folder Scans - Non-Microsoft Only] avg8 -> %AllUsersProfile%\Dati applicazioni\avg8 -> [Folder | Modified Date = 2008-05-18 14:26:04 | Attr = ] Kaspersky Lab -> %AllUsersProfile%\Dati applicazioni\Kaspersky Lab -> [Folder | Modified Date = 2008-05-23 12:17:46 | Attr = ] Malwarebytes -> %AllUsersProfile%\Dati applicazioni\Malwarebytes -> [Folder | Modified Date = 2008-05-26 17:04:12 | Attr = ] Spybot - Search & Destroy -> %AllUsersProfile%\Dati applicazioni\Spybot - Search & Destroy -> [Folder | Modified Date = 2008-05-22 15:48:01 | Attr = ] SUPERAntiSpyware.com -> %AllUsersProfile%\Dati applicazioni\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-05-28 17:46:52 | Attr = ] Malwarebytes -> %AppData%\Malwarebytes -> [Folder | Modified Date = 2008-05-26 17:04:21 | Attr = ] Microsoft -> %AppData%\Microsoft -> [Folder | Modified Date = 2008-05-10 09:32:10 | Attr = S] SUPERAntiSpyware.com -> %AppData%\SUPERAntiSpyware.com -> [Folder | Modified Date = 2008-05-28 17:46:39 | Attr = ] DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [Ver = | Size = 208896 bytes | Modified Date = 2008-05-29 22:16:19 | Attr = ] Google -> %UserProfile%\Impostazioni locali\Dati applicazioni\Google -> [Folder | Modified Date = 2008-04-02 16:06:15 | Attr = ] 730_2008 zia Elide.doc -> %UserProfile%\Documenti\730_2008 zia Elide.doc -> [Ver = | Size = 41984 bytes | Modified Date = 2008-04-04 18:07:04 | Attr = ] Albenga -> %UserProfile%\Documenti\Albenga -> [Folder | Modified Date = 2008-04-02 19:02:32 | Attr = ] Bonifico_Renzo_Lumini_2008.pdf -> %UserProfile%\Documenti\Bonifico_Renzo_Lumini_2008.pdf -> [Ver = | Size = 26560 bytes | Modified Date = 2008-04-10 16:52:08 | Attr = ] CADGI -> %UserProfile%\Documenti\CADGI -> [Folder | Modified Date = 2008-04-28 16:10:38 | Attr = ] Cartelle condivise.lnk -> %UserProfile%\Documenti\Cartelle condivise.lnk -> [Ver = | Size = 607 bytes | Modified Date = 2008-05-29 19:47:43 | Attr = ] CV_a_Venerdì14.pdf -> %UserProfile%\Documenti\CV_a_Venerdì14.pdf -> [Ver = | Size = 62601 bytes | Modified Date = 2008-03-14 19:09:41 | Attr = ] Documenti -> %UserProfile%\Documenti\Documenti -> [Folder | Modified Date = 2008-04-21 09:49:57 | Attr = ] essexboy.doc -> %UserProfile%\Documenti\essexboy.doc -> [Ver = | Size = 31232 bytes | Modified Date = 2008-05-30 21:25:41 | Attr = ] File ricevuti -> %UserProfile%\Documenti\File ricevuti -> [Folder | Modified Date = 2008-05-18 14:16:37 | Attr = ] Immagini -> %UserProfile%\Documenti\Immagini -> [Folder | Modified Date = 2008-04-28 21:15:58 | Attr = R ] Kasp_Report.html -> %UserProfile%\Documenti\Kasp_Report.html -> [Ver = | Size = 83456 bytes | Modified Date = 2008-05-30 17:09:43 | Attr = ] MalWare -> %UserProfile%\Documenti\MalWare -> [Folder | Modified Date = 2008-05-26 17:05:56 | Attr = ] Musica -> %UserProfile%\Documenti\Musica -> [Folder | Modified Date = 2008-03-30 11:39:44 | Attr = R ] My Received Files -> %UserProfile%\Documenti\My Received Files -> [Folder | Modified Date = 2008-05-22 15:45:22 | Attr = ] Orario_Luca_3°P.pdf -> %UserProfile%\Documenti\Orario_Luca_3°P.pdf -> [Ver = | Size = 56206 bytes | Modified Date = 2008-04-21 09:50:33 | Attr = ] TARSU_2008.pdf -> %UserProfile%\Documenti\TARSU_2008.pdf -> [Ver = | Size = 27355 bytes | Modified Date = 2008-05-29 12:29:28 | Attr = ] Video -> %UserProfile%\Documenti\Video -> [Folder | Modified Date = 2008-05-09 16:04:49 | Attr = R ] AVG Free 8.0.lnk -> %AllUsersProfile%\Desktop\AVG Free 8.0.lnk -> [Ver = | Size = 1479 bytes | Modified Date = 2008-05-18 14:26:23 | Attr = ] Picasa2.lnk -> %AllUsersProfile%\Desktop\Picasa2.lnk -> [Ver = | Size = 638 bytes | Modified Date = 2008-04-02 16:05:50 | Attr = ] SUPERAntiSpyware Free Edition.lnk -> %AllUsersProfile%\Desktop\SUPERAntiSpyware Free Edition.lnk -> [Ver = | Size = 752 bytes | Modified Date = 2008-05-28 17:46:42 | Attr = ] Thumbs.db -> %AllUsersProfile%\Desktop\Thumbs.db -> [Ver = | Size = 6144 bytes | Modified Date = 2008-03-31 15:32:19 | Attr = HS] @Alternate Data Stream - 0 bytes -> %AllUsersProfile%\Desktop\Thumbs.db:encryptable dss.exe -> %UserProfile%\Desktop\dss.exe -> [Ver = 3, 2, 8, 1 | Size = 686630 bytes | Modified Date = 2008-05-30 20:38:58 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\dss.exe:Zone.Identifier OTMoveIt2.exe -> %UserProfile%\Desktop\OTMoveIt2.exe -> OldTimer Tools [Ver = 1.0.4.2 | Size = 291328 bytes | Modified Date = 2008-05-30 20:13:07 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTMoveIt2.exe:Zone.Identifier OTScanIt -> %UserProfile%\Desktop\OTScanIt -> [Folder | Modified Date = 2008-05-30 21:30:35 | Attr = ] OTScanIt.exe -> %UserProfile%\Desktop\OTScanIt.exe -> [Ver = | Size = 544711 bytes | Modified Date = 2008-05-30 21:29:37 | Attr = ] @Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTScanIt.exe:Zone.Identifier Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [Ver = | Size = 905 bytes | Modified Date = 2008-05-22 15:47:49 | Attr = ] Tracce_di_temi.doc -> %UserProfile%\Desktop\Tracce_di_temi.doc -> [Ver = | Size = 40448 bytes | Modified Date = 2008-04-27 16:43:55 | Attr = ] Avvio veloce di Adobe Acrobat.lnk -> %AllUsersProfile%\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Acrobat.lnk -> [Ver = | Size = 2319 bytes | Modified Date = 2008-05-30 14:12:20 | Attr = ] Java -> %CommonProgramFiles%\Java -> [Folder | Modified Date = 2008-05-25 18:19:23 | Attr = ] Wise Installation Wizard -> %CommonProgramFiles%\Wise Installation Wizard -> [Folder | Modified Date = 2008-05-28 17:45:47 | Attr = ] [File - Purity Scan: Additional Folder Scans - Non-Microsoft Only] < End of report > [/code]