PC is slow, possible infection?


#1
lisabel
Member, 24 posts
Hello,
my PC is running very slowly lately, so I'm trying to check for a possible infection.

I followed your instructions in the "Malware and Spyware Cleaning Guide". The steps and logs are listed below (and also attached).
I don't think I see any particular infection reported, but there seem to be a few items that may need to be fixed. Could you please verify and tell me how to clean up and/or speed the PC up?
Thanks a lot in advance for your support,

Luca


1) After the initial cleanup steps, I ran MBAM and the result was clean. Here is the log:

Malwarebytes' Anti-Malware 1.42
Versione del database: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

08/12/2009 19.02.37
mbam-log-2009-12-08 (19-02-37).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 107575
Tempo trascorso: 19 minute(s), 35 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)


2) I ran my antivirus scan (AVAST) and the result was clean.

3) I ran RootRepeal and here is the log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/08 20:27
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAD00000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF899A000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9F09000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad206b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad20574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad20a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad200f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad2072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xaad208ae

==EOF==

4) I ran an OTL quick scan with the suggested custom options, and here are the OTL and Extras logs:

OTL logfile created on: 08/12/2009 21.16.19 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Luca\Documenti\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 143,41 Mb Available Physical Memory | 28,54% Memory free
1,20 Gb Paging File | 0,86 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 26,27 Gb Total Space | 6,34 Gb Free Space | 24,13% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 20,93 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-LUCA
Current User Name: Luca
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/08 20.29.04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\OTL.exe
PRC - [2009/12/08 13.56.10 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/08 13.56.08 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/10/11 04.17.36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe
PRC - [2009/10/11 04.17.36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jusched.exe
PRC - [2009/08/17 18.07.24 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/08/17 18.07.18 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashServ.exe
PRC - [2009/08/17 17.58.56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008/04/14 04.14.26 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/14 04.14.08 | 01,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/25 13.36.40 | 00,032,768 | ---- | M] () -- C:\Programmi\Launch Manager\LaunchAp.exe
PRC - [2005/07/25 13.34.28 | 00,081,920 | ---- | M] () -- C:\Programmi\Launch Manager\WButton.exe
PRC - [2005/07/25 10.45.00 | 00,241,664 | ---- | M] () -- C:\Programmi\Launch Manager\OSDCtrl.exe
PRC - [2005/06/29 17.26.14 | 00,352,256 | ---- | M] (acer Inc.) -- C:\Programmi\acer\eRecovery\Monitor.exe
PRC - [2005/06/06 19.08.58 | 01,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2005/06/06 11.52.10 | 00,069,632 | ---- | M] (Wistron) -- C:\Programmi\Launch Manager\HotkeyApp.exe
PRC - [2005/06/01 14.17.08 | 00,192,512 | ---- | M] (Acer Inc) -- C:\Acer\ePM\epm-dm.exe
PRC - [2005/05/12 00.33.52 | 00,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/05/11 23.12.54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/04/15 11.01.46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/03/09 18.59.26 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Arcade\PCMService.exe
PRC - [2005/02/04 11.12.58 | 00,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/02/04 11.11.48 | 00,708,698 | ---- | M] (Synaptics, Inc.) -- C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005/01/23 10.36.10 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe
PRC - [2005/01/23 10.31.34 | 00,126,976 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/08/19 20.00.00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2003/08/29 19.05.36 | 00,360,448 | ---- | M] () -- C:\Programmi\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11.14.58 | 00,233,472 | ---- | M] () -- C:\Programmi\SpywareGuard\sgbhp.exe
PRC - [2002/08/30 15.02.48 | 00,094,208 | ---- | M] () -- C:\Programmi\Launch Manager\Powerkey.exe


========== Modules (SafeList) ==========

MOD - [2009/12/08 20.29.04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luca\Documenti\Downloads\OTL.exe
MOD - [2008/04/14 04.13.42 | 01,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2008/04/14 04.13.40 | 00,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll
MOD - [2005/02/04 11.12.50 | 00,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/27 16.42.36 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Programmi\CyberLink\Shared Files\CLRCEngine.dll
MOD - [2004/08/19 20.00.00 | 00,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/08 13.56.08 | 01,184,912 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/11 04.17.36 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/17 18.07.18 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/08/17 18.07.02 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/08/17 18.04.22 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/08/17 17.58.56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005/11/14 01.06.04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/06/06 19.08.58 | 01,273,344 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2004/07/15 01.49.26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:12080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 44
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 12080
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 12080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 12080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 12080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 12080
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2009/04/14 22.06.34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2009/04/14 22.06.34 | 00,000,000 | ---D | M]

[2009/04/14 22.08.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Extensions
[2009/04/14 22.08.58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions
[2009/09/12 10.44.22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Mozilla\Firefox\Profiles\k3mp2d8q.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/04/14 22.06.34 | 00,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2009/05/01 23.56.26 | 00,001,412 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\demauro.xml
[2009/05/01 23.56.26 | 00,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2009/05/01 23.56.26 | 00,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2009/05/01 23.56.26 | 00,000,649 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: (768 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CtrlVol] C:\Programmi\Launch Manager\CtrlVol.exe (Wistron)
O4 - HKLM..\Run: [EPM-DM] c:\Acer\ePM\epm-dm.exe (Acer Inc)
O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [eRecoveryService] C:\Programmi\acer\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LaunchAp] C:\Programmi\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LManager] C:\Programmi\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Programmi\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PowerKey] C:\Programmi\Launch Manager\PowerKey.exe ()
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programmi\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Wbutton] C:\Programmi\Launch Manager\Wbutton.exe ()
O4 - HKCU..\Run: [Rainlendar2] C:\Programmi\Rainlendar2\Rainlendar2.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\Luca\Menu Avvio\Programmi\Esecuzione automatica\Rainlendar.lnk = C:\Programmi\Rainlendar\Rainlendar.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 331 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Programmi\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd2-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell - "" = AutoRun
O33 - MountPoints2\{83bfabd4-aab9-11dd-bdc2-000ae4ebbaff}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/09/14 11.47.34 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 14 Days ==========

[2009/12/08 18.37.28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/08 18.36.55 | 00,000,000 | ---D | C] -- C:\Programmi\ERUNT
[2009/12/08 14.29.11 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Luca\Recent
[2009/12/07 14.30.22 | 00,000,000 | ---D | C] -- C:\Programmi\uTorrent
[2009/12/07 14.29.29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luca\Dati applicazioni\uTorrent
[2005/05/11 23.36.48 | 00,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/08 21.09.50 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/12/08 21.07.08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2009/12/08 21.06.32 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/08 21.06.06 | 00,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2009/12/08 21.05.36 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/08 21.05.28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/08 21.05.26 | 52,689,7152 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/08 21.04.46 | 04,456,448 | -H-- | M] () -- C:\Documents and Settings\Luca\NTUSER.DAT
[2009/12/08 21.04.46 | 00,000,194 | -HS- | M] () -- C:\Documents and Settings\Luca\ntuser.ini
[2009/12/08 20.12.50 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/08 18.42.52 | 00,062,720 | ---- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2009/12/08 18.40.54 | 00,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/08 18.37.00 | 00,000,499 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\NTREGOPT.lnk
[2009/12/08 18.37.00 | 00,000,480 | ---- | M] () -- C:\Documents and Settings\Luca\Desktop\ERUNT.lnk
[2009/12/07 14.30.24 | 00,000,518 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2009/12/07 14.20.48 | 02,642,688 | -H-- | M] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\IconCache.db
[2009/12/03 16.14.06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16.13.56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/08 21.05.24 | 52,689,7152 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/08 18.36.58 | 00,000,499 | ---- | C] () -- C:\Documents and Settings\Luca\Desktop\NTREGOPT.lnk
[2009/12/08 18.36.58 | 00,000,480 | ---- | C] () -- C:\Documents and Settings\Luca\Desktop\ERUNT.lnk
[2009/12/07 14.30.22 | 00,000,518 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2008/08/31 19.54.03 | 00,000,133 | ---- | C] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2008/08/31 19.41.03 | 00,000,378 | ---- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\hpzinstall.log
[2008/01/03 14.59.04 | 00,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Dati applicazioni\.zreglib
[2007/04/30 20.01.49 | 00,021,504 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2006/04/06 20.11.20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006/04/03 11.25.52 | 00,008,704 | ---- | C] () -- C:\Documents and Settings\Luca\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/21 21.13.33 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/03/05 14.34.39 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/10 13.38.50 | 00,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/10 03.27.24 | 00,078,031 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2006/02/10 03.20.38 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/06/30 17.38.27 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/30 17.23.12 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/06/30 17.22.22 | 00,001,024 | ---- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/06/30 17.21.05 | 00,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2005/06/30 17.14.54 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/06/30 17.07.43 | 00,001,150 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/30 17.07.42 | 00,872,448 | ---- | C] () -- C:\WINDOWS\iconv.dll
[2005/06/30 17.07.42 | 00,743,424 | ---- | C] () -- C:\WINDOWS\libxml2.dll
[2005/06/30 17.07.42 | 00,225,280 | ---- | C] () -- C:\WINDOWS\Capsule.dll
[2004/09/14 11.57.05 | 00,003,476 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2001/12/26 16.12.30 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23.46.38 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16.33.56 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22.04.36 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/22 16.46.58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2006/12/14 22.49.16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Avg7
[2008/01/03 14.59.12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SlySoft
[2008/06/10 20.00.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\phenomedia
[2009/11/14 13.53.06 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2006/09/28 15.12.10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Cartella di caricamento Share-to-Web
[2007/06/02 19.14.42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\Rainlendar
[2008/01/03 15.27.28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\RipIt4Me
[2008/11/17 16.50.40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\OpenOffice.org
[2009/12/07 14.29.30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luca\Dati applicazioni\uTorrent
[2009/12/08 21.09.50 | 00,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 20.36.38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23.07.42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 20.40.30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22.59.44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22.59.44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04.13.40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.40 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 20.00.00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2004/08/19 20.00.00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04.13.50 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.50 | 00,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 20.00.00 | 00,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 08/12/2009 21.16.19 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Documents and Settings\Luca\Documenti\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

502,42 Mb Total Physical Memory | 143,41 Mb Available Physical Memory | 28,54% Memory free
1,20 Gb Paging File | 0,86 Gb Available in Paging File | 71,73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 26,27 Gb Total Space | 6,34 Gb Free Space | 24,13% Space Free | Partition Type: FAT32
Drive D: | 26,66 Gb Total Space | 20,93 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOTEBOOK-LUCA
Current User Name: Luca
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Programmi\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- C:\PROGRA~1\MICROS~3\Office\FRONTPG.EXE File not found
htmlfile [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Programmi\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Programmi\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{110E8E90-1F9A-4804-9221-1DA0D0379C90}" = SA30xx Media Converter
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 17
"{2766C573-EFD3-4f15-83A5-2788B48994F0}" = HP Scanjet 4370
"{289CDCBA-1E82-460A-9DCA-E9FB6BAC1A42}" = SA30xx Device Manager
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33471FA2-1DE4-47e9-9FDB-828B341BA4FA}" = hpg4370QFolder
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3C6D1F24-C121-407D-A49D-46C0971C9751}" = Moorhuhn Soccer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5DC09527-BE89-4FD0-AF67-73FBA5EEB8BC}" = SA30xx Media Converter
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{85F0337D-33AC-43B4-A003-DF35061F1D8D}" = OpenOffice.org 3.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A4CBCF09-0C7E-40AA-0080-34B8A5CFE7FA}" = Harry Potter™ e il prigioniero di Azkaban
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1040-7B44-000000000001}" = Adobe Reader 6.0 - Italiano
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CFBA694F-E1A3-4ED4-8364-1A94F4ADE456}" = hpg4370
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.0.8.8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"AceMoney_is1" = AceMoney
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AnyDVD" = AnyDVD
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025" = SoftV90 Data Fax Modem with SmartCP
"CoCSoft Stream Down 3.3" = CoCSoft Stream Down 3.3
"Desperados 1.0" = Desperados 1.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"RipIt4Me" = RipIt4Me
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TotoSapore" = Totò Sapore
"Tutore Dattilo" = Tutore Dattilo 4.0
"uTorrent" = µTorrent
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 10/06/2008 15.39.34 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://au.download.w...07bfb863a2b.cab
failed, 00000026.

Error - 14/07/2008 14.55.36 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://au.download.w...a969aed8758.cab
failed, 00000026.

Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Limoncello.doc failed, 00000005.

Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Spesa Esselunga.doc failed, 00000005.

Error - 17/11/2008 12.30.35 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Pizza.doc failed, 00000005.

Error - 17/11/2008 12.30.37 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Ricettario.xls failed, 00000005.

Error - 17/11/2008 12.30.37 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\Desktop-isa\shareddocs\Cucina\Inviti.xls failed, 00000005.

Error - 03/02/2009 14.08.22 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.centometr...260437741900463
failed, 0000A413.

Error - 09/11/2009 16.29.08 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://clients1.goog...?...ethim&cp=13 failed,
0000A413.

Error - 13/11/2009 7.20.29 | Computer Name = NOTEBOOK-LUCA | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://maps.gstatic....21a/geocoder.js failed, 0000A413.


[ Application Events ]
Error - 06/06/2009 7.59.29 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

Error - 20/06/2009 5.41.36 | Computer Name = NOTEBOOK-LUCA | Source = Application Error | ID = 1000
Description = Faulting application ashdisp.exe, version 4.8.1335.0,
faulting module unknown, version 0.0.0.0, fault address 0x7dd180b6.

Error - 19/07/2009 4.30.52 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

Error - 03/10/2009 10.40.36 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

Error - 23/10/2009 17.21.18 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

Error - 14/11/2009 5.02.18 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

Error - 14/11/2009 8.53.44 | Computer Name = NOTEBOOK-LUCA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 14/11/2009 8.57.03 | Computer Name = NOTEBOOK-LUCA | Source = crypt32 | ID = 131083
Description = Failed to extract the third-party root list from the auto update
cab file at: <http://www.download....uthrootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 14/11/2009 8.57.03 | Computer Name = NOTEBOOK-LUCA | Source = crypt32 | ID = 131083
Description = Failed to extract the third-party root list from the auto update
cab file at: <http://www.download....uthrootstl.cab> with error: A required
certificate is not within its validity period when verifying against the current
system clock or the timestamp in the signed file.

Error - 08/12/2009 13.42.15 | Computer Name = NOTEBOOK-LUCA | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server service performance data
will not be returned. The returned error code is in DWORD 0 of the data.

[ System Events ]
Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 08/12/2009 15.59.13 | Computer Name = NOTEBOOK-LUCA | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load: Aavmker4
AFD
aswSP
aswTdi
ElbyCDIO
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip

Error - 08/12/2009 15.59.23 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/12/2009 15.59.49 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman
with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 08/12/2009 16.00.28 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc
with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 08/12/2009 16.04.38 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman
with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 08/12/2009 16.04.42 | Computer Name = NOTEBOOK-LUCA | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/12/2009 16.05.52 | Computer Name = NOTEBOOK-LUCA | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
addresses.


< End of report >
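The three OTL Extras sections a helper reads first in a log like the one above are Shell Spawning (is `exefile\shell\open\command` still `"%1" %*`, or does every .exe launch something else first?), the FirewallPolicy keys (which ports are open, and to whom?) and the Authorized Applications list. The script below is an added example, not part of the original post and not OTL's own code: it parses those sections out of OTL Extras text and returns the entries worth a second look. `SAMPLE_LOG` is a constructed excerpt modelled on the log above (not a verbatim copy), `HIJACKED_SAMPLE` is a hypothetical, constructed entry showing what a hijacked exefile command would look like in such a log, and the defaults in `EXPECTED_SHELL` are the Windows XP values exactly as the log above shows them.

```python
"""OTL Extras triage: shell-spawning hijacks and Windows XP firewall holes.
Added example, not part of the original post and not OTL's own code."""
from __future__ import annotations

import re
from dataclasses import dataclass

# XP default shell\open commands for the executable classes (as in the log above).
EXPECTED_SHELL = {(c, "open"): '"%1" %*' for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SHELL[("scrfile", "open")] = '"%1" /S'

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_.*)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = (?P<data>.*)$')
SHELL_RE = re.compile(r"^(?P<cls>\S+) \[(?P<verb>\w+)\] -- (?P<cmd>.*)$")
# XP firewall value formats: port:proto:scope:state:name and path:scope:state:name;
# scope is "*" (any remote address) or "LocalSubNet".  A path contains "C:" itself,
# so the path match is non-greedy and anchored on the Enabled/Disabled keyword.
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):")
APP_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):")
PROFILE_RE = re.compile(r"FirewallPolicy\\(?P<profile>\w+Profile)")

# Constructed excerpt modelled on the OTL Extras log in the post (not verbatim).
SAMPLE_LOG = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"""

# Hypothetical hijacked entry (constructed, not from the post) for contrast.
HIJACKED_SAMPLE = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Documents and Settings\Luca\hypothetical-loader.exe" "%1" %* File not found
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # high / medium / low / info
    detail: str


def _strip_annotation(cmd: str) -> str:
    """Drop OTL's trailing '(Company Name)' or 'File not found' annotation."""
    return re.sub(r"\s+(\([^()]*\)|File not found)$", "", cmd).strip()


def analyze(log_text: str) -> list[Finding]:
    """Return the entries a responder would look at first, in log order."""
    out: list[Finding] = []
    section = key = profile = ""
    for line in (ln.strip() for ln in log_text.splitlines() if ln.strip()):
        if m := SECTION_RE.match(line):
            section = m.group("name")
        elif m := KEY_RE.match(line):
            key = m.group("key")
            pm = PROFILE_RE.search(key)
            profile = pm.group("profile") if pm else ""
        elif section == "Shell Spawning" and (m := SHELL_RE.match(line)):
            pair, cmd = (m.group("cls"), m.group("verb")), _strip_annotation(m.group("cmd"))
            if cmd.startswith("Reg Error"):   # OTL could not read the key at all
                out.append(Finding("info", f"{pair[0]} [{pair[1]}]: key missing ({cmd})"))
            elif pair in EXPECTED_SHELL and cmd != EXPECTED_SHELL[pair]:
                out.append(Finding("high", f"{pair[0]} [{pair[1]}] is {cmd!r}, expected "
                                           f"{EXPECTED_SHELL[pair]!r}: possible shell hijack"))
        elif m := VALUE_RE.match(line):
            name, data = m.group("name"), m.group("data")
            if key.endswith(r"GloballyOpenPorts\List"):
                if (p := PORT_RE.match(data)) and p["state"] == "Enabled" and p["scope"] == "*":
                    out.append(Finding("high", f"{profile}: {p['port']}/{p['proto']} open to any remote address"))
            elif key.endswith(r"AuthorizedApplications\List"):
                if (a := APP_RE.match(data)) and a["state"] == "Enabled":
                    sev = "medium" if a["scope"] == "*" else "low"
                    out.append(Finding(sev, f"{profile}: {a['path']} allowed inbound, scope {a['scope']}"))
            elif profile and key.endswith(profile):   # the profile's own root key
                if name == "EnableFirewall" and data == "0":
                    out.append(Finding("high", f"{profile}: EnableFirewall = 0 (firewall off)"))
                elif name == "DisableNotifications" and data == "1":
                    out.append(Finding("low", f"{profile}: DisableNotifications = 1 (no prompt when a program is blocked)"))
    return out


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_LOG), ("hijacked", HIJACKED_SAMPLE)):
        print(f"== {label} ==")
        for f in analyze(text):
            print(f"[{f.severity:>6}] {f.detail}")
```

Two caveats when reading the result against the log above. The DomainProfile entries (139, 445, 137, 138 with scope `*`) are rated highest because they accept traffic from any address, but that profile is only in force on a domain-joined machine; the report says Windows XP Home Edition, which cannot join a domain, so the StandardProfile is the live one, and there the NetBIOS/SMB exceptions are limited to LocalSubNet while µTorrent is allowed inbound from anywhere. Second, `Reg Error: Key error.` for `regfile [merge]` and `txtfile [edit]` only means OTL could not read those keys; the script reports it as informational rather than as a hijack, and the real test is whether the values it can read match the `"%1" %*` defaults, which they do here.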
