[SirStone]

hi
I need some help in analyzing the logs from OTL.

Thanks in advance

OTL logfile created on: 17/05/2013 19:15:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utente\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,71% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 889,31 Gb Free Space | 95,48% Space Free | Partition Type: NTFS

Computer Name: UTENTE-PC3 | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/17 19:14:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Utente\Downloads\OTL.exe
PRC - [2013/04/09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012/11/13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012/11/13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012/11/13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/05 00:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
MOD - [2013/04/09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/04 15:15:24 | 000,698,680 | ---- | M] () [Disabled | Stopped] -- C:\ProgramData\IBUpdaterService\ibsvc.exe -- (IBUpdaterService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/12/18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/05 00:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/01/09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/02/01 13:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2009/11/12 15:48:56 | 000,005,504 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/01/08 10:57:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/01/08 10:55:44 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/11/12 15:48:56 | 000,007,168 | ---- | M] () [File_System | Disabled | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it-IT
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 10 56 8D 5A A4 CC 01 [binary data]
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\SearchScopes,DefaultScope = {50729A49-6E32-4592-8680-4AD1E42F9796}
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\SearchScopes\{50729A49-6E32-4592-8680-4AD1E42F9796}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\SearchScopes\{CCD05D80-52C6-4D6D-823D-13B2A5509405}: "URL" = http://websearch.ask...AC-F483085B3468
IE - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/02/04 15:15:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]

[2013/03/19 09:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions
[2013/03/19 09:22:24 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/02/04 15:15:57 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
[2013/02/04 15:15:43 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.it/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U21 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - Extension: SpecialSavings.com = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel\2.0.0_0\
CHR - Extension: Docs = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Drive = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: SpecialSavings = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje\2.0.0.1_0\
CHR - Extension: YouTube = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Smiley Bar for Facebook = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.5_0\
CHR - Extension: Gmail = C:\Users\Utente\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/05/17 18:12:57 | 000,447,225 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15354 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{556FD848-415F-4F19-9B6D-B40F50749BBC}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79928191-FBE9-4E25-8ECD-E09401AD02E4}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/17 18:10:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/17 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/05/17 18:09:45 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/05/17 18:09:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/05/17 17:39:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/17 17:32:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/17 17:31:00 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\Google
[2013/05/17 17:31:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/17 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\Deployment
[2013/05/17 17:30:36 | 000,000,000 | ---D | C] -- C:\Users\Utente\AppData\Local\Apps
[2013/05/15 12:00:55 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/05/15 12:00:55 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/05/15 12:00:54 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/05/15 12:00:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/05/15 12:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/05/15 12:00:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/05/15 12:00:53 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/05/15 12:00:53 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/05/15 12:00:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/05/15 12:00:53 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/05/15 12:00:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/05/15 12:00:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/05/15 12:00:52 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/05/15 12:00:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/05/15 12:00:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/05/15 08:31:01 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/05/15 08:31:01 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/05/15 08:30:49 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/05/15 08:30:49 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/05/15 08:30:48 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/05/15 08:30:48 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013/05/15 08:30:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013/05/07 14:57:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/04/29 09:07:12 | 000,000,000 | ---D | C] -- C:\Firefox
[2013/04/29 08:56:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/04/29 08:56:34 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/04/29 08:56:34 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

========== Files - Modified Within 30 Days ==========

[2013/05/17 19:13:39 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 19:13:39 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/17 19:12:56 | 013,029,102 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013/05/17 19:12:56 | 004,494,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/17 19:12:56 | 004,381,140 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013/05/17 19:12:56 | 003,810,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/17 19:12:56 | 000,005,418 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 19:05:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/17 19:05:19 | 3220,549,632 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/17 18:58:05 | 000,000,387 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/17 18:12:57 | 000,447,225 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/05/17 17:32:17 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/17 17:31:02 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 07:37:04 | 004,346,816 | ---- | M] () -- C:\Users\Utente\Desktop\ccsetup401.exe
[2013/05/15 18:05:59 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/05/15 13:24:57 | 000,291,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/13 17:35:08 | 000,000,906 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013/05/04 08:36:12 | 025,339,588 | ---- | M] () -- C:\ProgramData\SamPCFax000016240000
[2013/05/03 08:38:01 | 417,930,571 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2013/05/17 18:38:40 | 002,086,240 | ---- | C] () -- C:\Users\Utente\Desktop\avira_free_antivirus.exe
[2013/05/17 18:36:32 | 000,000,387 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/17 18:09:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/05/17 17:32:17 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/17 17:31:02 | 000,001,146 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/17 09:41:50 | 000,005,418 | ---- | C] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/17 09:00:49 | 004,346,816 | ---- | C] () -- C:\Users\Utente\Desktop\ccsetup401.exe
[2013/05/15 18:05:59 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/05/04 08:36:06 | 025,339,588 | ---- | C] () -- C:\ProgramData\SamPCFax000016240000
[2011/03/28 18:53:14 | 004,223,268 | ---- | C] () -- C:\ProgramData\SamPCFax000013A80000
[2011/03/28 18:49:23 | 000,010,389 | ---- | C] () -- C:\Users\Utente\AppData\Roaming\SmarThruOptions.xml

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

OTL Extras logfile created on: 17/05/2013 19:15:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Utente\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,91 Gb Available Physical Memory | 72,71% Memory free
8,00 Gb Paging File | 6,80 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 889,31 Gb Free Space | 95,48% Space Free | Partition Type: NTFS

Computer Name: UTENTE-PC3 | User Name: Utente | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1482847580-1378044522-3793485853-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{045DA129-B78E-4C45-8ABF-BABC17695D9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0E072D28-0AD8-4F6F-9209-7E3842FFB1B7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{12101701-BEE1-4AD6-B848-9C1D276FE662}" = lport=138 | protocol=17 | dir=in | app=system |
"{146B2993-839D-47D1-9D32-3631D288A684}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{1D88AA4B-F9F1-42C9-B41E-9B436D4379D0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{202D90AF-FB7D-48C2-9862-F1C891BDEBE1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{34B3D491-4E60-4779-8CCA-E7AE8E517A1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{379D64F3-E647-47E6-AF0E-3A5D09146CB3}" = lport=137 | protocol=17 | dir=in | app=system |
"{3C8492A4-C53C-4ABA-ACCC-933807C19EC4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{3FD95DC9-FF5C-4D02-B563-063551536CAD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{47DD1BD7-F21F-4F18-88EF-89FD3C669E4C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A04880C-88D8-4689-A185-12B060CFC8C8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{519DF348-D441-43F4-95C6-0F4F9042E4EE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52996AC4-553D-435A-A610-E04ADA6710E0}" = lport=445 | protocol=6 | dir=in | app=system |
"{6267E05E-BDC3-4A77-AE44-4E8FFE92FF48}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6B597DF4-A1CF-47E8-AA4F-6CF4E49D77F9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73F44899-F5C1-4ECC-88E3-948C4A00A09E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{74426C58-9ED7-4C85-8882-DBCB15C21FBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77F3B6A3-49D1-4E07-8311-B7167AF7AA8D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{77F8A200-E0FB-49B7-AC22-1B81B1A0979A}" = rport=139 | protocol=6 | dir=out | app=system |
"{951C5971-DF2B-4A7F-AD0B-8993F63A4D36}" = rport=445 | protocol=6 | dir=out | app=system |
"{A44F143A-0C5F-4652-9EB8-528052D79F3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{A637E902-98B2-415D-9DB1-0C167C133F89}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B0D18D98-C1D6-4DD6-B183-E48D8E6A4DB7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{B4B8B506-CC7F-4429-B5B8-2C879A8B9F1C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAD68F65-3731-431E-8B0C-B33AC5AF88CC}" = rport=137 | protocol=17 | dir=out | app=system |
"{DFCFD95D-FA4D-49A8-8A5D-BD38BB4A7EF7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F1E0C985-DA99-4F89-A78D-A00BE6F9C02E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F431DE63-28ED-4BA4-9F79-0C3790B61E63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F5DCAA88-CC8A-4AF8-BAC3-D8441E46DC23}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FC9C5C7B-7591-45CB-94C8-ADD3D938E7BC}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{24AA95E2-D4D2-46D2-9DE6-C8AA794929CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3732DAC9-816F-4DFC-A9C1-BB160BA81066}" = protocol=58 | dir=out | [email protected],-28546 |
"{4DC8C351-7B42-4A61-A53A-E86D65BE5467}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{55233422-79F2-4E76-A738-D9AB2C2A928C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{684FC1B8-C8CB-41F3-AEAA-FC2B2224EDEC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{693FD859-D33B-4D33-AC5C-406EDBEBEF60}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7192E1F3-8F03-4793-A359-C92EEC42B674}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A1DF456-FFE9-4443-8B27-5F04C1B2A526}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7D35F3FA-EC9E-4279-BC28-A074C4A1FED5}" = protocol=1 | dir=in | [email protected],-28543 |
"{8BC97674-846C-4908-912C-153342EE2518}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{93DC6DE0-5F76-407B-AF16-C235A1366B92}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A4192A97-6D9C-45CB-A982-414A4F440800}" = protocol=6 | dir=out | app=system |
"{B154A6D1-6915-4F1A-B90F-0A9B4757FAEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BB4BEE90-9EC9-4229-AF1C-B2C643E46DC1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0FF43BA-BAF1-4F53-9AA7-34D44B00FABA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DC2C3EBF-D7AB-4796-A198-3BFF4F8934E2}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E0A775BE-9EED-4169-BA04-B2A83F60F75C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E65025FF-D0E8-411E-9E59-A8B9FE3977E2}" = protocol=58 | dir=in | [email protected],-28545 |
"{FC125C79-F699-420F-BF7E-F98154D5556B}" = protocol=1 | dir=out | [email protected],-28544 |
"{FF6B052F-2DEB-483C-967F-40807E8F0045}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{4FD7C238-2494-4464-BBE7-6292FA0D29A3}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |
"UDP Query User{8478290D-354E-4706-B9F6-CEA33FB94097}C:\program files (x86)\spybot - search & destroy 2\sdupdate.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{25B473DB-CC8D-384A-ACE7-7CFB119B7E03}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-006D-0410-1000-0000000FF1CE}" = Microsoft Office a portata di clic 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Driver 3D Vision 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Canon LBP2900" = Canon LBP2900
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09C14BAE-2D45-4133-B0FA-5EA4FE5CF978}" = SpecialSavings
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140011-0066-0410-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Italiano
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Italiano
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"7-Zip" = 7-Zip 9.15 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office a portata di clic 2010
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SmarThru PC Fax" = SmarThru PC Fax
"Smiley Bar for Facebook" = Smiley Bar for Facebook
"SpecialSavings" = SpecialSavings
"Updater Service" = Updater Service

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/05/2013 13:15:27 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

Error - 17/05/2013 13:17:05 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: SearchIndexer.exe,
versione: 7.0.7601.17610, timestamp: 0x4dc0d019 Nome del modulo che ha generato
l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f Codice eccezione:
0xc0000006 Offset errore 0x000000000000120b ID processo che ha generato l'errore:
0x144 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce532242db4369
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\SearchIndexer.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\msvcrt.dll ID segnalazione:
983f1378-bf15-11e2-80ee-0025113b6d69

Error - 17/05/2013 13:17:05 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

Error - 17/05/2013 13:21:09 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: SearchIndexer.exe,
versione: 7.0.7601.17610, timestamp: 0x4dc0d019 Nome del modulo che ha generato
l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f Codice eccezione:
0xc0000006 Offset errore 0x000000000000120b ID processo che ha generato l'errore:
0xc3c Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce5322d4abe7ee
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\SearchIndexer.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\msvcrt.dll ID segnalazione:
29f32ee2-bf16-11e2-80ee-0025113b6d69

Error - 17/05/2013 13:21:09 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

Error - 17/05/2013 13:21:50 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: SearchIndexer.exe,
versione: 7.0.7601.17610, timestamp: 0x4dc0d019 Nome del modulo che ha generato
l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f Codice eccezione:
0xc0000006 Offset errore 0x000000000000120b ID processo che ha generato l'errore:
0x9c8 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce5322eca641ef
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\SearchIndexer.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\msvcrt.dll ID segnalazione:
420d465a-bf16-11e2-80ee-0025113b6d69

Error - 17/05/2013 13:21:50 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

Error - 17/05/2013 13:22:30 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: SearchIndexer.exe,
versione: 7.0.7601.17610, timestamp: 0x4dc0d019 Nome del modulo che ha generato
l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f Codice eccezione:
0xc0000006 Offset errore 0x000000000000120b ID processo che ha generato l'errore:
0xfac Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce532304dd0993
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\SearchIndexer.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\msvcrt.dll ID segnalazione:
5a07a05b-bf16-11e2-80ee-0025113b6d69

Error - 17/05/2013 13:22:30 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

Error - 17/05/2013 13:23:10 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1000
Description = Nome dell'applicazione che ha generato l'errore: SearchIndexer.exe,
versione: 7.0.7601.17610, timestamp: 0x4dc0d019 Nome del modulo che ha generato
l'errore: msvcrt.dll, versione: 7.0.7601.17744, timestamp: 0x4eeb033f Codice eccezione:
0xc0000006 Offset errore 0x000000000000120b ID processo che ha generato l'errore:
0xe18 Ora di avvio dell'applicazione che ha generato l'errore: 0x01ce53231c9b1d02
Percorso
dell'applicazione che ha generato l'errore: C:\Windows\system32\SearchIndexer.exe
Percorso
del modulo che ha generato l'errore: C:\Windows\system32\msvcrt.dll ID segnalazione:
720a10cb-bf16-11e2-80ee-0025113b6d69

Error - 17/05/2013 13:23:10 | Computer Name = Utente-PC3 | Source = Application Error | ID = 1005
Description = Impossibile accedere al file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002
per uno dei motivi seguenti: Si è verificato un problema relativo alla connessione
di rete, al disco in cui è archiviato il file o ai driver di archiviazione installati
nel computer oppure il disco è assente. Il programma Microsoft Windows Search Indexer
è stato chiuso a causa dell'errore. Programma: Microsoft Windows Search Indexer File:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.002

Il
valore dell'errore è indicato nella sezione Dati aggiuntivi. Azione utente 1. Aprire
nuovamente il file. Potrebbe trattarsi di un problema temporaneo che si risolverà
automaticamente rieseguendo il programma. 2. Se il file risulta comunque non accessibile
e: - Si trova in rete, è necessario che l'amministratore della rete verifichi la
presenza di eventuali problemi di rete e che sia possibile contattare il server.
-
Si trova in un disco rimovibile, ad esempio un disco floppy o un CD, verificare
che il disco sia inserito correttamente nel computer. 3. Controllare e ripristinare
il file system eseguendo CHKDSK. Per eseguire CHKDSK, fare clic sul pulsante Start,
scegliere Esegui, digitare CMD, quindi scegliere OK. Al prompt dei comandi, digitare
CHKDSK /F, quindi premere INVIO. 4. Se il problema persiste, ripristinare il file
da una copia di backup. 5. Determinare se è possibile aprire altri file nello stesso
disco. Se non è possibile, il disco potrebbe essere danneggiato. Se si tratta di
un disco rigido, contattare l'amministratore o il fornitore dell'hardware del computer
per ottenere assistenza. Dati aggiuntivi Valore errore: C0000185 Tipo disco: 3

[ System Events ]
Error - 17/05/2013 13:10:25 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7001
Description = Il servizio Gruppi reti peer dipende dal servizio Protocollo PNRP
che non è stato avviato per il seguente errore: %%-2140993535

Error - 17/05/2013 13:12:53 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 5 volta(e).

Error - 17/05/2013 13:13:39 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 6 volta(e).

Error - 17/05/2013 13:14:20 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 7 volta(e).

Error - 17/05/2013 13:15:27 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 8 volta(e).

Error - 17/05/2013 13:17:05 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 9 volta(e).

Error - 17/05/2013 13:21:10 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 10 volta(e).

Error - 17/05/2013 13:21:50 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 11 volta(e).

Error - 17/05/2013 13:22:30 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 12 volta(e).

Error - 17/05/2013 13:23:10 | Computer Name = Utente-PC3 | Source = Service Control Manager | ID = 7034
Description = Arresto imprevista del servizio Windows Search. Questo evento si è
già verificato 13 volta(e).


< End of report >

Attached Files

•  Extras.Txt   67.49KB   122 downloads
•  OTL.Txt   64.34KB   71 downloads

[Advertisements]

Hello SirStone and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Let's remove the adware and see what else is going on in there. After completing these steps, please tell me how the computer is doing.

Step 1

Remove an extension from Chrome
Click on the Chrome menu and click Tools

In the Extensions list please delete the following (you can delete by clicking on the trash can for the offending extensions)

• SpecialSavings
• Smiley Bar for Facebook

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking and selecting Run as administrator

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :OTL
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/02/04 15:15:57 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]
  [2013/03/19 09:22:24 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
  [2013/02/04 15:15:57 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
  [2013/02/04 15:15:43 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
  O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  :commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 4
Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and finally
Step 5
Re-run OTL

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open OTL.Txt which is saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your response.

In your next reply I would like to see:

• did you remove the bad extensions from Chrome
• OTL fix log
• ADWcleaner log
• checkup.txt
• fresh OTL scan
• How is your computer running now?

[Crowbar]

Hello SirStone and welcome to the Virus, Spyware, Malware Removal forum !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

• Please read all of my response through at least once before attempting to follow the procedures described.
• Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
• Please follow the steps exactly as written, in the same order.
• If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
• Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
• This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
• Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

Let's remove the adware and see what else is going on in there. After completing these steps, please tell me how the computer is doing.

Step 1

Remove an extension from Chrome
Click on the Chrome menu and click Tools

In the Extensions list please delete the following (you can delete by clicking on the trash can for the offending extensions)

• SpecialSavings
• Smiley Bar for Facebook

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL by right clicking and selecting Run as administrator

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :commands
  [createrestorepoint]
  :OTL
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013/02/04 15:15:43 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/02/04 15:15:57 | 000,000,000 | ---D | M]
  FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Utente\AppData\Roaming\Mozilla\Extensions\[email protected] [2013/03/19 09:22:24 | 000,000,000 | ---D | M]
  [2013/03/19 09:22:24 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
  [2013/02/04 15:15:57 | 000,000,000 | ---D | M] (Special Savings) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\[email protected]
  [2013/02/04 15:15:43 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Utente\AppData\Roaming\mozilla\Extensions\statuswinks@StatusWinks
  O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
  O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found.
  O3 - HKU\S-1-5-21-1482847580-1378044522-3793485853-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
  :commands
  [emptytemp]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete



Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 4
Download Security Check from here or here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

and finally
Step 5
Re-run OTL

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open OTL.Txt which is saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your response.

In your next reply I would like to see:

• did you remove the bad extensions from Chrome
• OTL fix log
• ADWcleaner log
• checkup.txt
• fresh OTL scan
• How is your computer running now?

[Crowbar]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.