my pc is running very slow lately so i'm trying to check for a possible infection.
I followed your instructions on the "Malware and Spyware Cleaning Guide". The steps and logs are listed below (and also attached).
I dont think i see any particular infection reported, but there seems to be a few items maybe to be fixed, could you please verify and tell me how to cleanup and/or speed the pc up?
Thanks a lot in advance for your support,
Luca
1) After the inital cleanup steps, i ran MBAM and the result was clean, here is the log:
Malwarebytes' Anti-Malware 1.42
Versione del database: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
08/12/2009 19.02.37
mbam-log-2009-12-08 (19-02-37).txt
Tipo di scansione: Scansione rapida
Elementi scansionati: 107575
Tempo trascorso: 19 minute(s), 35 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)
Chiavi di registro infette:
(Nessun elemento malevolo rilevato)
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
(Nessun elemento malevolo rilevato)
2) i ran my antivirus scan (AVAST) and the result was clean.
3) i ran RootRepeal and here is the log:
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/08 20:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAD00000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF899A000 Size: 8192 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9F09000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad206b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad20574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad20a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2014c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2064e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2008c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad200f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2076e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2072e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad208ae
==EOF==
4) i ran OTL quick scan with suggested custom options and here is the otl and extras logs:
OTL logfile created on: 08/12/2009 21.16.19 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Luca\Documenti\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
502,42 Mb Total Physical Memory | 143,41 Mb Available Physical Memory | 28,54% Memory free
1,20 Gb Paging File | 0,86 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 26,27 Gb Total Space | 6,34 Gb Free Space | 24,13% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 20,93 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOTEBOOK-LUCA
Current User Name: Luca
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2009/12/08 20.29.04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\OTL.exe
PRC - [2009/12/08 13.56.10 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/08 13.56.08 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/11 04.17.36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe
PRC - [2009/10/11 04.17.36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jusched.exe
PRC - [2009/08/17 18.07.24 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 18.07.18 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17.58.56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 04.14.26 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 04.14.08 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/25 13.36.40 | 00,032,768 | ---- | M] () -- C:\Programmi\Launch Manager\LaunchAp.exe
PRC - [2005/07/25 13.34.28 | 00,081,920 | ---- | M] () -- C:\Programmi\Launch Manager\WButton.exe
PRC - [2005/07/25 10.45.00 | 00,241,664 | ---- | M] () -- C:\Programmi\Launch Manager\OSDCtrl.exe
PRC - [2005/06/29 17.26.14 | 00,352,256 | ---- | M] (acer Inc.) -- C:\Programmi\acer\eRecovery\Monitor.exe
PRC - [2005/06/06 19.08.58 | 01,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/06/06 11.52.10 | 00,069,632 | ---- | M] (Wistron) -- C:\Programmi\Launch Manager\HotkeyApp.exe
PRC - [2005/06/01 14.17.08 | 00,192,512 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/05/12 00.33.52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/05/11 23.12.54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/04/15 11.01.46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/03/09 18.59.26 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/02/04 11.12.58 | 00,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/04 11.11.48 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/01/23 10.36.10 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2005/01/23 10.31.34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/08/19 20.00.00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003/08/29 19.05.36 | 00,360,448 | ---- | M] () -- C:\Programmi\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11.14.58 | 00,233,472 | ---- | M] () -- C:\Programmi\SpywareGuard\sgbhp.exe
PRC - [2002/08/30 15.02.48 | 00,094,208 | ---- | M] () -- C:\Programmi\Launch Manager\Powerkey.exe
========== Modules (SafeList) ==========
MOD - [2009/12/08 20.29.04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\OTL.exe
MOD - [2008/04/14 04.13.42 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 04.13.40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2005/02/04 11.12.50 | 00,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16.42.36 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2004/08/19 20.00.00 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
========== Win32 Services (SafeList) ==========
SRV - [2009/12/08 13.56.08 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/11 04.17.36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/17 18.07.18 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 18.07.02 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 18.04.22 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 17.58.56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/11/14 01.06.04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/06 19.08.58 | 01,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/07/15 01.49.26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 12080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 12080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 12080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 12080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 12080
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/04/14 22.06.34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/04/14 22.06.34 | 00,000,000 | ---D | M]
[2009/04/14 22.08.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Extensions
[2009/04/14 22.08.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions
[2009/09/12 10.44.22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/14 22.06.34 | 00,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2009/05/01 23.56.26 | 00,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2009/05/01 23.56.26 | 00,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2009/05/01 23.56.26 | 00,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2009/05/01 23.56.26 | 00,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml
O1 HOSTS File: (768 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Programmi\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Programmi\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programmi\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 331 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Programmi\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/14 11.47.34 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 14 Days ==========
[2009/12/08 18.37.28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/08 18.36.55 | 00,000,000 | ---D | C] -- C:\Programmi\ERUNT
[2009/12/08 14.29.11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Luca\Recent
[2009/12/07 14.30.22 | 00,000,000 | ---D | C] -- C:\Programmi\uTorrent
[2009/12/07 14.29.29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luca\Dati applicazioni\uTorrent
[2005/05/11 23.36.48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2009/12/08 21.09.50 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/08 21.07.08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2009/12/08 21.06.32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/08 21.06.06 | 00,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2009/12/08 21.05.36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 21.05.28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 21.05.26 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 21.04.46 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Luca\NTUSER.DAT
[2009/12/08 21.04.46 | 00,000,194 | -HS- | M] () -- C:\Documents and Settings\Luca\ntuser.ini
[2009/12/08 20.12.50 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 18.42.52 | 00,062,720 | ---- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2009/12/08 18.40.54 | 00,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/08 18.37.00 | 00,000,499 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\NTREGOPT.lnk
[2009/12/08 18.37.00 | 00,000,480 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\ERUNT.lnk
[2009/12/07 14.30.24 | 00,000,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/07 14.20.48 | 02,642,688 | -H-- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\IconCache.db
[2009/12/03 16.14.06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16.13.56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2009/12/08 21.05.24 | 52,689,7152 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/08 18.36.58 | 00,000,499 | ---- | C] () -- C:\Documents and Settings\Luca\Desktop\NTREGOPT.lnk
[2009/12/08 18.36.58 | 00,000,480 | ---- | C] () -- C:\Documents and Settings\Luca\Desktop\ERUNT.lnk
[2009/12/07 14.30.22 | 00,000,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2008/08/31 19.54.03 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2008/08/31 19.41.03 | 00,000,378 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log
[2008/01/03 14.59.04 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2007/04/30 20.01.49 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/04/06 20.11.20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/03 11.25.52 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/21 21.13.33 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/05 14.34.39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/10 13.38.50 | 00,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/10 03.27.24 | 00,078,031 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/02/10 03.20.38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/30 17.38.27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/30 17.23.12 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/30 17.21.05 | 00,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005/06/30 17.14.54 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/30 17.07.43 | 00,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/30 17.07.42 | 00,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005/06/30 17.07.42 | 00,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005/06/30 17.07.42 | 00,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004/09/14 11.57.05 | 00,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16.12.30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23.46.38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16.33.56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22.04.36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/22 16.46.58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2006/12/14 22.49.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[2008/01/03 14.59.12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
[2008/06/10 20.00.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\phenomedia
[2009/11/14 13.53.06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/09/28 15.12.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Cartella di caricamento Share-to-Web
[2007/06/02 19.14.42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Rainlendar
[2008/01/03 15.27.28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\RipIt4Me
[2008/11/17 16.50.40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\OpenOffice.org
[2009/12/07 14.29.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\uTorrent
[2009/12/08 21.09.50 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/04/13 20.36.38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23.07.42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2008/04/13 20.40.30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22.59.44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22.59.44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/14 04.13.40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 20.00.00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2004/08/19 20.00.00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008/04/14 04.13.50 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.50 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 20.00.00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< %systemroot%\*. /mp /s >
< End of report >
OTL Extras logfile created on: 08/12/2009 21.16.19 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Luca\Documenti\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
502,42 Mb Total Physical Memory | 143,41 Mb Available Physical Memory | 28,54% Memory free
1,20 Gb Paging File | 0,86 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 26,27 Gb Total Space | 6,34 Gb Free Space | 24,13% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 20,93 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOTEBOOK-LUCA
Current User Name: Luca
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- C:\PROGRA~1\MICROS~3\Office\FRONTPG.EXE File not found
htmlfile [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{110E8E90-1F9A-4804-9221-1DA0D0379C90}" = SA30xx Media Converter
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 17
"{2766C573-EFD3-4f15-83A5-2788B48994F0}" = HP Scanjet 4370
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C6D1F24-C121-407D-A49D-46C0971C9751}" = Moorhuhn Soccer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5DC09527-BE89-4FD0-AF67-73FBA5EEB8BC}" = SA30xx Media Converter
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{85F0337D-33AC-43B4-A003-DF35061F1D8D}" = OpenOffice.org 3.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter e il prigioniero di Azkaban
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1040-7B44-000000000001}" = Adobe Reader 6.0 - Italiano
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBA694F-E1A3-4ED4-8364-1A94F4ADE456}" = hpg4370
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AceMoney_is1" = AceMoney
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"CoCSoft Stream Down 3.3" = CoCSoft Stream Down 3.3
"Desperados 1.0" = Desperados 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"RipIt4Me" = RipIt4Me
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TotoSapore" = Totò Sapore
"Tutore Dattilo" = Tutore Dattilo 4.0
"uTorrent" = µTorrent
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 10/06/2008 15.39.34 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://au.download.w...07bfb863a2b.cab
failed, 00000026.
Error - 14/07/2008 14.55.36 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://au.download.w...a969aed8758.cab
failed, 00000026.
Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Limoncello.doc failed, 00000005.
Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Spesa Esselunga.doc failed, 00000005.
Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Pizza.doc failed, 00000005.
Error - 17/11/2008 12.30.37 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Ricettario.xls failed, 00000005.
Error - 17/11/2008 12.30.37 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Inviti.xls failed, 00000005.
Error - 03/02/2009 14.08.22 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.centometr...260437741900463
failed, 0000A413.
Error - 09/11/2009 16.29.08 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.goog...?...ethim&cp=13 failed,
0000A413.
Error - 13/11/2009 7.20.29 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://maps.gstatic....21a/geocoder.js failed, 0000A413.
[ Application Events ]
Error - 06/06/2009 7.59.29 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 20/06/2009 5.41.36 | Computer Name = NOTEBOOK-LUCA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore ashdisp.exe, versione 4.8.1335.0,
modulo che ha provocato l'errore unknown, versione 0.0.0.0, indirizzo errore 0x7dd180b6.
Error - 19/07/2009 4.30.52 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 03/10/2009 10.40.36 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 23/10/2009 17.21.18 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 14/11/2009 5.02.18 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 14/11/2009 8.53.44 | Computer Name = NOTEBOOK-LUCA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 14/11/2009 8.57.03 | Computer Name = NOTEBOOK-LUCA | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download....uthrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.
Error - 14/11/2009 8.57.03 | Computer Name = NOTEBOOK-LUCA | Source = crypt32 | ID = 131083
Description = Impossibile estrarre l'elenco principale di altri produttori dal file
.cab di aggiornamento automatico in: <http://www.download....uthrootstl.cab>
a causa del seguente errore: Un certificato richiesto non rientra nel suo periodo
di validità se verificato rispetto all'ora corrente del sistema o al timestamp
sul file firmato.
Error - 08/12/2009 13.42.15 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
[ System Events ]
Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = Il servizio Client DNS dipende dal servizio Driver protocollo TCP/IP
che non è stato avviato per il seguente errore: %%31
Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = Il servizio Helper NetBIOS di TCP/IP dipende dal servizio AFD che
non è stato avviato per il seguente errore: %%31
Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = Il servizio Servizi IPSEC dipende dal servizio Driver IPSEC che non
è stato avviato per il seguente errore: %%31
Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: Aavmker4
AFD
aswSP
aswTdi
ElbyCDIO
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Error - 08/12/2009 15.59.23 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 08/12/2009 15.59.49 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio netman con gli argomenti "" per eseguire il server {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 08/12/2009 16.00.28 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 08/12/2009 16.04.38 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio netman con gli argomenti "" per eseguire il server {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 08/12/2009 16.04.42 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 08/12/2009 16.05.52 | Computer Name = NOTEBOOK-LUCA | Source = NetBT | ID = 4307
Description = Inizializzazione non riuscita perché il trasporto non ha aperto gli
indirizzi iniziali.
< End of report >