My computer is infected by this virus.
After I used ComboFix, Malwarebytes and TDSSKiller, the firewall is still out.
I have XP Pro Service Pack 3.
I am posting OTL.txt and Extras.txt.
Thank you for your help.
Max
OTL logfile created on: 23/04/2014 7.46.04 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Documents and Settings\Gigino\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,10% Memory free
3,85 Gb Paging File | 3,41 Gb Available in Paging File | 88,50% Paging File free
Paging file location(s): D:\pagefile.sys 0 0 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programmi
Drive C: | 48,83 Gb Total Space | 28,53 Gb Free Space | 58,43% Space Free | Partition Type: NTFS
Drive D: | 27,48 Gb Total Space | 4,71 Gb Free Space | 17,15% Space Free | Partition Type: FAT32
Computer Name: ORG-CEFISGJM7KR | User Name: Gigino | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
========== Processes (SafeList) ==========
PRC - D:\Documents and Settings\Gigino\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - D:\Programmi\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
PRC - D:\Programmi\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH)
PRC - D:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - D:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - D:\Programmi\Java\jre7\bin\javaw.exe (Oracle Corporation)
PRC - D:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - D:\WINDOWS\system32\devldr32.exe (Creative Technology Ltd.)
========== Modules (No Company Name) ==========
MOD - D:\WINDOWS\system32\msdmo.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vadvapi32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vntdll.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vshell32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vmsvcrt.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vuser32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vuxtheme.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vcomctl32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vkernel32.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vgdiplus.dll ()
MOD - D:\Programmi\VAIOXP\Libraries\vdwmapi.dll ()
========== Services (SafeList) ==========
SRV - (TeamViewer9) -- D:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- D:\Programmi\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (SkypeUpdate) -- D:\Programmi\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- D:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (UMVPFSrv) -- D:\Programmi\File comuni\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (IDriverT) -- D:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (xhfrywjo) -- D:\WINDOWS\system32\drivers\xhfrywjo.sys File not found
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (ossrv) -- system32\drivers\ctoss2k.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (IntcAzAudAddService) -- system32\drivers\RtkHDAud.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (gmcsersa) -- D:\WINDOWS\system32\drivers\gmcsersa.sys File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- D:\DOCUME~1\Gigino\IMPOST~1\Temp\catchme.sys File not found
DRV - (WsAudio_Device(3) -- D:\WINDOWS\system32\drivers\VirtualAudio3.sys (Wondershare)
DRV - (WsAudio_Device(2) -- D:\WINDOWS\system32\drivers\VirtualAudio2.sys (Wondershare)
DRV - (WsAudio_Device(1) -- D:\WINDOWS\system32\drivers\VirtualAudio1.sys (Wondershare)
DRV - (cpuidlep) -- D:\WINDOWS\System32\drivers\cpuidlep.sys ()
DRV - (LVUVC) -- D:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- D:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (MPE) -- D:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (gameenum) -- D:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- D:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- D:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (3xHybrid) -- D:\WINDOWS\system32\drivers\3xHybrid.sys (ASUSTeK Computer Inc.)
DRV - (AsIO) -- D:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (MTsensor) -- D:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (PfModNT) -- D:\WINDOWS\system32\PFMODNT.SYS (Creative Technology Ltd.)
DRV - (sfman) -- D:\WINDOWS\system32\drivers\sfmanm.sys (Creative Technology Ltd.)
DRV - (emu10k1) -- D:\WINDOWS\system32\drivers\ctlfacem.sys (Creative Technology Ltd.)
DRV - (emu10k) -- D:\WINDOWS\system32\drivers\emu10k1m.sys (Creative Technology Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 1B 04 FA 55 06 CF 01 [binary data]
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{215784F3-A78E-4D00-9B68-5F0FFF215A63}: "URL" = http://www.google.co...{outputEncoding?}
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\..\SearchScopes\{877CB1A2-1CE6-4995-A5B6-DB0ABC79700C}: "URL" = http://www.google.it...fca69c98b5d77d7
IE - HKU\S-1-5-21-1085031214-920026266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Cerca..."
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: %7B20cc25e2-48c9-45e1-9a1f-1ccc1882b81b%7D:1.9
FF - prefs.js..extensions.enabledAddons: %7B524B8EF8-C312-11DB-8039-536F56D89593%7D:4.39.0.0
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7Bc2921baa-9930-4d73-a203-f69db688f139%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 62667
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Programmi\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programmi\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: D:\Programmi\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programmi\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: D:\Programmi\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: D:\Programmi\Mozilla Firefox\plugins [2013/12/25 12.36.52 | 000,000,000 | ---D | M]
[2011/04/10 06.53.36 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Extensions
[2011/08/24 03.48.42 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions
[2011/08/24 03.48.54 | 000,010,285 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{20cc25e2-48c9-45e1-9a1f-1ccc1882b81b}.xpi
[2012/08/19 11.01.14 | 000,050,279 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{524B8EF8-C312-11DB-8039-536F56D89593}.xpi
[2012/08/23 16.10.00 | 000,042,336 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012/08/23 16.34.58 | 000,003,714 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{c2921baa-9930-4d73-a203-f69db688f139}.xpi
[2013/12/23 03.36.12 | 000,714,654 | ---- | M] () (No name found) -- D:\Documents and Settings\Gigino\Dati applicazioni\Mozilla\Firefox\Profiles\wcte2m8l.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013/12/25 12.36.52 | 000,000,000 | ---D | M] (No name found) -- D:\Programmi\Mozilla Firefox\extensions
[2013/12/25 12.36.54 | 000,000,000 | ---D | M] (No name found) -- D:\Programmi\Mozilla Firefox\browser\extensions
[2013/12/25 12.36.54 | 000,000,000 | ---D | M] (Default) -- D:\Programmi\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013/01/04 01.41.32 | 000,000,779 | RHS- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Supporto di collegamento per Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programmi\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [MSC] D:\Programmi\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartupDelayer] D:\Programmi\r2 Studios\Startup Delayer\Startup Launcher.exe (r2 Studios)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] D:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] D:\Programmi\File comuni\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\Gigino\Menu Avvio\Programmi\Esecuzione automatica\Collegamento a html2pop3.lnk = D:\html2pop3249f\html2pop3.jar ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = [binary data]
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Accoda collegamento con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidlinkqueue.htm ()
O8 - Extra context menu item: Accoda la pagina corrente con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidqueue.htm ()
O8 - Extra context menu item: Apri la pagina corrente con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebid.htm ()
O8 - Extra context menu item: Apri la pagina corrente con BID Link Explorer - D:\Programmi\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm ()
O8 - Extra context menu item: Apri link con BID - D:\Programmi\Bulk Image Downloader\iemenu\iebidlink.htm ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C131726F-8793-4068-8C0D-1309A3574C16}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C131726F-8793-4068-8C0D-1309A3574C16}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CE40AA11-5A25-4BD4-9B4C-C276498D2B88}: NameServer = 176.31.229.24,176.31.229.25
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - D:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (vistaui.exe) - D:\WINDOWS\System32\vistaui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/01/03 19.09.16 | 000,000,000 | ---- | M] () - D:\autoexec.bat -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 60 Days ==========
[2014/04/23 07.42.33 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Gigino\Desktop\OTL.exe
[2014/04/23 07.35.03 | 000,000,000 | ---D | C] -- D:\AdwCleaner
[2014/04/21 01.46.07 | 000,000,000 | -HSD | C] -- D:\$RECYCLE.BIN
[2014/04/21 01.03.49 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/21 01.03.35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes Anti-Malware
[2014/04/21 01.03.19 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/21 01.03.19 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/04/21 01.03.19 | 000,000,000 | ---D | C] -- D:\Programmi\Malwarebytes Anti-Malware
[2014/04/21 00.45.08 | 000,000,000 | -HSD | C] -- D:\Recycled
[2014/04/21 00.17.26 | 000,000,000 | --SD | C] -- D:\ComboFix
[2014/04/21 00.17.21 | 000,000,000 | ---D | C] -- D:\Qoobox
[2014/04/21 00.09.10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
[2014/04/20 22.05.26 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Gigino\Recent
[2014/04/20 16.44.14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Gigino\Dati applicazioni\TeamViewer
[2014/04/20 16.44.07 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Menu Avvio\Programmi\TeamViewer 9
[2014/04/20 16.43.58 | 000,000,000 | ---D | C] -- D:\Programmi\TeamViewer
[2014/04/04 16.58.30 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Gigino\Documenti\Nuova cartella
[2014/02/28 16.09.50 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
[2014/02/28 16.03.52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dati applicazioni\NVIDIA Corporation
[2014/02/28 16.03.22 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrshe.dll
[2014/02/28 16.03.22 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsfr.dll
[2014/02/28 16.03.22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsit.dll
[2014/02/28 16.03.22 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrses.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrspt.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsnl.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsja.dll
[2014/02/28 16.03.22 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsesm.dll
[2014/02/28 16.03.22 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsru.dll
[2014/02/28 16.03.22 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsptb.dll
[2014/02/28 16.03.22 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsko.dll
[2014/02/28 16.03.22 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrshu.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrstr.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssl.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssk.dll
[2014/02/28 16.03.22 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrspl.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsth.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrssv.dll
[2014/02/28 16.03.22 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsno.dll
[2014/02/28 16.03.22 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsfi.dll
[2014/02/28 16.03.22 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrszhc.dll
[2014/02/28 16.03.22 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrszht.dll
[2014/02/28 16.03.21 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsar.dll
[2014/02/28 16.03.21 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsel.dll
[2014/02/28 16.03.21 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsde.dll
[2014/02/28 16.03.21 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrsda.dll
[2014/02/28 16.03.21 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrseng.dll
[2014/02/28 16.03.21 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvrscs.dll
[2014/02/28 16.03.21 | 000,144,160 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcolor.exe
[2014/02/28 16.03.20 | 015,517,472 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcpl.dll
[2014/02/28 16.03.19 | 000,108,832 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvmctray.dll
[2014/02/28 16.03.16 | 000,054,272 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvwddi.dll
[2014/02/28 16.01.54 | 019,189,760 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvoglnt.dll
[2014/02/28 16.01.54 | 007,536,640 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuda.dll
[2014/02/28 16.01.54 | 005,967,872 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvopencl.dll
[2014/02/28 16.01.54 | 002,581,792 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvid.dll
[2014/02/28 16.01.54 | 001,869,088 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcuvenc.dll
[2014/02/28 16.01.54 | 001,010,464 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispco32.dll
[2014/02/28 16.01.54 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvdispgenco32.dll
[2014/02/28 16.01.46 | 017,551,360 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvcompiler.dll
[2014/02/28 16.01.46 | 002,389,504 | ---- | C] (NVIDIA Corporation) -- D:\WINDOWS\System32\nvapi.dll
[2014/02/28 16.01.17 | 000,000,000 | ---D | C] -- D:\Programmi\NVIDIA Corporation
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 60 Days ==========
[2014/04/23 07.50.02 | 000,000,436 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{7BDB5661-0CA4-4032-85BA-EF1F5206B7B0}.job
[2014/04/23 07.49.30 | 000,000,398 | -H-- | M] () -- D:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/23 07.49.00 | 000,000,358 | -H-- | M] () -- D:\WINDOWS\tasks\MpIdleTask.job
[2014/04/23 07.45.28 | 000,001,130 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/23 07.43.02 | 000,000,978 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/23 07.42.02 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Gigino\Desktop\OTL.exe
[2014/04/23 07.39.06 | 000,001,126 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/23 07.39.02 | 000,000,262 | ---- | M] () -- D:\WINDOWS\tasks\Controllo volume.job
[2014/04/23 07.38.58 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2014/04/21 01.42.18 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2014/04/21 01.04.06 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
[2014/04/21 01.03.36 | 000,000,657 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/21 00.10.36 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\jlkodeyz.dat
[2014/04/21 00.10.02 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\peufxjif.dat
[2014/04/21 00.09.34 | 000,000,480 | ---- | M] () -- D:\WINDOWS\System32\drivers\dvyqsfem.dat
[2014/04/20 21.38.14 | 000,147,608 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/19 19.00.54 | 000,000,578 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\INPS GIGINO.url
[2014/04/19 18.49.50 | 000,004,327 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\ilCiriaco.it » Quotidiano on line della provincia di Avellino (2).url
[2014/04/18 19.43.36 | 000,000,679 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Ottopagine.net - Quotidiano online.url
[2014/04/14 19.24.34 | 000,000,516 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\il Quaderno.url
[2014/04/09 17.08.58 | 000,002,517 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Microsoft Word.lnk
[2014/04/04 15.25.48 | 000,004,376 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Corriere della Sera.url
[2014/04/03 09.51.06 | 000,050,648 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/04/03 09.50.56 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2014/04/01 17.36.52 | 000,000,259 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\L'Irpinia che vuole cambiare Il blog di Romeo Castiglione.url
[2014/04/01 16.50.00 | 000,965,692 | ---- | M] () -- D:\Documents and Settings\All Users\Dati applicazioni\3mqbnzjhbn.bbr
[2014/03/23 19.20.08 | 000,000,220 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\La Repubblica.it - Homepage.url
[2014/03/21 20.06.42 | 000,002,241 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014/03/21 19.57.20 | 000,001,550 | ---- | M] () -- D:\WINDOWS\System32\drivers\kmjmppes.dat
[2014/03/06 11.52.24 | 000,000,256 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Google Traduttore.url
[2014/03/01 21.52.04 | 000,520,652 | ---- | M] () -- D:\WINDOWS\System32\perfh010.dat
[2014/03/01 21.52.04 | 000,473,858 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2014/03/01 21.52.04 | 000,089,836 | ---- | M] () -- D:\WINDOWS\System32\perfc010.dat
[2014/03/01 21.52.04 | 000,076,744 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2014/03/01 10.42.18 | 009,961,472 | ---- | M] () -- D:\Documents and Settings\Gigino\ntuser.bak
[2014/02/28 16.02.36 | 001,072,544 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2014/02/28 16.02.36 | 000,000,001 | ---- | M] () -- D:\WINDOWS\System32\nvdrssel.bin
[2014/02/28 16.02.22 | 001,072,544 | ---- | M] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2014/02/28 16.02.22 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\nvdrswr.lk
[2014/02/28 15.52.58 | 000,001,984 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2014/02/28 15.47.04 | 000,000,010 | ---- | M] () -- D:\WINDOWS\WININIT.INI
[2014/02/24 15.05.00 | 000,000,835 | ---- | M] () -- D:\Documents and Settings\Gigino\Desktop\Panorama.url
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/04/21 01.03.35 | 000,000,657 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/21 00.10.34 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\jlkodeyz.dat
[2014/04/21 00.09.59 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\peufxjif.dat
[2014/04/21 00.09.32 | 000,000,480 | ---- | C] () -- D:\WINDOWS\System32\drivers\dvyqsfem.dat
[2014/03/23 11.05.57 | 000,965,692 | ---- | C] () -- D:\Documents and Settings\All Users\Dati applicazioni\3mqbnzjhbn.bbr
[2014/03/21 19.57.17 | 000,001,550 | ---- | C] () -- D:\WINDOWS\System32\drivers\kmjmppes.dat
[2014/02/28 16.28.03 | 000,000,259 | ---- | C] () -- D:\Documents and Settings\Gigino\Desktop\L'Irpinia che vuole cambiare Il blog di Romeo Castiglione.url
[2014/02/28 16.02.22 | 001,072,544 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin
[2014/02/28 16.02.21 | 001,072,544 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin
[2014/02/28 16.02.21 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin
[2014/02/28 16.02.21 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\nvdrswr.lk
[2014/02/28 16.01.54 | 002,816,504 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data
[2014/02/28 16.01.54 | 000,015,449 | ---- | C] () -- D:\WINDOWS\System32\nvinfo.pb
[2014/02/28 15.46.44 | 000,000,010 | ---- | C] () -- D:\WINDOWS\WININIT.INI
[2013/12/31 12.14.03 | 000,000,000 | ---- | C] () -- D:\WINDOWS\ativpsrm.bin
[2013/12/05 17.24.37 | 000,346,998 | ---- | C] () -- D:\Documents and Settings\Gigino\Carol.zip
[2013/12/05 17.24.37 | 000,031,186 | ---- | C] () -- D:\Documents and Settings\Gigino\R. Verdesca ed altri 001.jpg
[2013/10/28 18.24.04 | 000,149,483 | ---- | C] () -- D:\Documents and Settings\Gigino\attoACQ (1).pdf
[2013/10/22 17.07.29 | 005,646,336 | ---- | C] () -- D:\Documents and Settings\Gigino\17- Alfred+de+Musset-Venise.pps
[2013/09/29 20.07.20 | 006,777,344 | ---- | C] () -- D:\Documents and Settings\Gigino\Montenegro (fm K).pps
[2013/09/29 19.49.57 | 013,196,024 | ---- | C] () -- D:\Documents and Settings\Gigino\ADYA_GEISHA_-_CHERUBINOS_ARIA_Official_Video.flv
[2013/08/24 11.10.17 | 000,000,600 | ---- | C] () -- D:\Documents and Settings\Gigino\PUTTY.RND
[2013/08/22 13.56.22 | 000,134,042 | ---- | C] () -- D:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2013/08/22 01.05.39 | 000,000,014 | ---- | C] () -- D:\WINDOWS\System32\SysInfo_Xinfire_Std.dll
[2013/08/20 10.06.45 | 000,065,536 | ---- | C] ( ) -- D:\WINDOWS\System32\a3d.dll
[2013/08/15 23.59.20 | 000,000,011 | ---- | C] () -- D:\WINDOWS\SBWIN.INI
[2013/08/15 23.59.18 | 001,048,576 | ---- | C] () -- D:\WINDOWS\System32\SFMAN.DAT
[2013/08/15 23.59.18 | 000,000,231 | ---- | C] () -- D:\WINDOWS\AC3API.INI
[2013/06/14 19.56.18 | 000,974,848 | ---- | C] () -- D:\WINDOWS\System32\cis-2.4.dll
[2013/06/14 19.56.18 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\issacapi_bs-2.3.dll
[2013/06/14 19.56.18 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\issacapi_pe-2.3.dll
[2013/06/14 19.56.18 | 000,057,344 | ---- | C] () -- D:\WINDOWS\System32\issacapi_se-2.3.dll
[2013/01/11 09.31.16 | 000,000,000 | ---- | C] () -- D:\WINDOWS\Irremote.ini
[2013/01/10 20.03.41 | 000,001,024 | ---- | C] () -- D:\Documents and Settings\Gigino\.rnd
[2013/01/06 16.45.37 | 000,008,184 | RHS- | C] () -- D:\Documents and Settings\All Users\ntuser.pol
[2013/01/03 18.32.24 | 000,001,152 | ---- | C] () -- D:\WINDOWS\System32\windrv.sys
[2013/01/03 13.39.01 | 000,256,000 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2013/01/03 13.39.01 | 000,208,896 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2013/01/03 13.39.01 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2013/01/03 13.39.01 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2013/01/03 13.39.01 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2013/01/02 15.29.54 | 009,961,472 | ---- | C] () -- D:\Documents and Settings\Gigino\ntuser.bak
[2012/12/30 05.31.53 | 000,000,076 | ---- | C] () -- D:\WINDOWS\FaceSwapper.ini
[2012/12/02 19.58.51 | 002,762,240 | ---- | C] () -- D:\Documents and Settings\Gigino\il camuffaggio in natura GB.pps
[2012/11/30 19.26.29 | 008,990,645 | ---- | C] () -- D:\Documents and Settings\Gigino\van1.wmv
[2012/11/30 19.26.29 | 001,450,496 | ---- | C] () -- D:\Documents and Settings\Gigino\Photos de paysages.pps
[2012/11/25 19.47.33 | 007,092,736 | ---- | C] () -- D:\Documents and Settings\Gigino\Canaux_du_monde (fm K).pps
[2012/11/25 19.47.32 | 003,930,624 | ---- | C] () -- D:\Documents and Settings\Gigino\Anna_Kostenko_Paintings_not_Photographs1.pps
[2012/09/29 01.11.42 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll
[2012/08/19 00.58.40 | 000,000,026 | ---- | C] () -- D:\WINDOWS\iTouch.ini
[2012/08/17 04.21.22 | 000,001,984 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2012/08/15 15.42.00 | 000,024,576 | R--- | C] () -- D:\WINDOWS\System32\AsIO.dll
[2012/08/15 15.41.59 | 000,012,664 | R--- | C] () -- D:\WINDOWS\System32\drivers\AsIO.sys
[2012/08/15 15.40.48 | 000,017,241 | ---- | C] () -- D:\WINDOWS\Ascd_tmp.ini
[2012/08/15 12.14.30 | 000,004,484 | ---- | C] () -- D:\WINDOWS\System32\drivers\cpuidlep.sys
[2012/08/14 19.21.45 | 000,000,516 | ---- | C] () -- D:\WINDOWS\System32\drivers\utphgqmx.dat
[2012/06/30 15.12.34 | 000,029,102 | ---- | C] () -- D:\Documents and Settings\Gigino\Menu Avvio.rar
[2011/09/02 14.22.18 | 000,000,470 | RHS- | C] () -- D:\Documents and Settings\Gigino\ntuser.pol
[2011/01/01 17.35.25 | 000,041,984 | ---- | C] () -- D:\Documents and Settings\Gigino\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2011/04/22 18.54.24 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 03.13.50 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 11.51.44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 03.13.56 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2011/01/01 17.45.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\UDL
[2011/03/05 18.30.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\IM
[2011/03/05 18.30.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\IncrediMail
[2011/04/10 17.54.20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2011/08/15 23.55.36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Speed Soft
[2013/01/03 15.55.26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\HitmanPro
[2013/08/22 01.05.42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Xinfire
[2013/08/22 10.44.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Samsung
[2014/01/02 14.42.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Auslogics
[2014/01/05 21.55.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\AVAST Software
[2014/01/08 17.40.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\r2 Studios
[2014/01/11 01.28.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\Doctor Web
[2014/04/21 00.09.12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Dati applicazioni\2992199F9A
[2011/01/01 23.24.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Styler
[2011/04/10 19.27.00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\URSoft
[2011/03/02 19.33.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Oplua
[2011/04/14 01.53.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\uTorrent
[2011/04/21 10.51.24 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Anthropics
[2011/08/22 17.51.26 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\EPSON
[2011/08/22 18.10.32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\XnView
[2011/08/25 16.18.52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\GetRightToGo
[2011/08/25 16.31.08 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Xentient
[2011/08/31 18.11.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\WinMacro
[2011/09/02 00.07.04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Morpheus Software
[2011/09/03 01.36.34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\FogelSoft
[2011/09/03 02.22.58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ChemTable Software
[2011/09/03 15.06.48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ViStart
[2012/08/17 04.56.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Oracle
[2012/08/17 19.48.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\HD Tune Pro
[2012/08/22 02.12.28 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Shareaza
[2012/12/24 10.31.14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Orbit
[2012/12/24 10.33.10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\GrabPro
[2012/12/24 10.33.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ProgSense
[2013/04/01 03.27.14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Wise Registry Cleaner
[2013/08/15 10.33.18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\KoshyJohn.com
[2013/08/16 22.47.02 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ZipGenius
[2013/08/18 00.48.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\BID
[2013/08/22 10.48.58 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Samsung
[2013/09/14 11.54.46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Printparade
[2013/12/26 17.57.04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\FLVPlayer4Free
[2013/12/30 23.01.36 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Leadertech
[2014/01/02 14.57.50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\Auslogics
[2014/01/07 00.40.44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\ElevatedDiagnostics
[2014/04/20 16.44.16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Gigino\Dati applicazioni\TeamViewer
[2014/01/05 16.45.22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Dati applicazioni\Xentient
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/11/25 19.18.46 | 106,151,155 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䪑⻭唄6
[2013/11/25 19.18.44 | 106,151,155 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䪑⻭唄6
[2013/11/25 11.56.52 | 106,035,404 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\跀購唄6
[2013/11/25 11.56.51 | 106,035,404 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\跀購唄6
[2013/11/18 17.45.18 | 104,931,504 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\綛⊧唄6
[2013/11/18 17.45.17 | 104,931,504 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\綛⊧唄6
[2013/11/16 16.19.04 | 191,594,496 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\璆찝唄6
[2013/11/16 16.19.02 | 191,594,496 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\璆찝唄6
[2013/10/27 08.16.00 | 103,214,166 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\믔唄6
[2013/10/27 08.08.36 | 103,214,166 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\믔唄6
[2013/10/20 15.49.32 | 102,034,533 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\눯촛唄6
[2013/10/20 15.49.30 | 102,034,533 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\눯촛唄6
[2013/10/07 19.32.40 | 099,717,279 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䍕늓唄6
[2013/10/07 18.13.06 | 099,717,279 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\䍕늓唄6
[2013/10/03 12.09.00 | 315,719,680 | ---- | M] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\⣅⼑唄6
[2013/10/03 12.08.58 | 315,719,680 | ---- | C] ()(D:\WINDOWS\System32\???6) -- D:\WINDOWS\System32\⣅⼑唄6
< End of report >
OTL Extras logfile created on: 23/04/2014 7.46.04 - Run 2
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03ADC8AB-C130-0C3D-1FF9-2C385DF25689}" = CCC Help Czech
"{07021185-008D-ABF9-7716-475AC035F8B3}" = CCC Help Spanish
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0F8D0406-7755-AC37-6529-73AD649DBE32}" = Catalyst Control Center Graphics Previews Common
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1859BB19-EF0A-4196-9F48-569499FE7420}" = Raccolta foto di Windows Live
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22072CC8-7230-96F8-52F4-05EAF3F906B6}" = CCC Help Polish
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2368ADBD-6FDF-4B9F-FE41-E20B4D78E79E}" = CCC Help Chinese Standard
"{2445981B-A23B-4A0E-AD15-3D391BDAEC3E}" = HDD Regenerator
"{25EF0DC4-B072-2E04-4581-A13C91423CE6}" = CCC Help Portuguese
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5
"{26F7855C-443B-00A6-F7B8-A97A5403F617}" = CCC Help Danish
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2CB4A925-48A7-DA65-DCEE-D4DE224B7D84}" = CCC Help English
"{2F7E5F47-40EC-403E-844C-0874E07F5358}" = RealSpeak Solo per l'Italiano, Silvia
"{306D75B9-7FFF-FF65-0C76-57F2FE4FE1D6}" = Catalyst Control Center Core Implementation
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{32B12FE4-5A51-751A-1FB6-A14E97EBDD5C}" = CCC Help German
"{350C97BE-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{351512E5-01BD-E878-6F57-AA3E517D9ECE}" = Skins
"{354A387E-0374-21A3-6832-335674A6D7D1}" = CCC Help French
"{3C00BEE9-26D0-D9E0-A2D1-62F70D412A12}" = CCC Help Turkish
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FCAADB8-EB1B-11D6-AB2D-0090271A23A2}" = Sound Blaster Live! Web 2K/XP
"{4346F7AA-3D56-0941-424C-4454E04D37F6}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CAE2F2C-75CD-A0DE-7520-449BCBBCC833}" = CCC Help Korean
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F7F0A5-8F22-8E63-E819-803B5C9CA3A5}" = CCC Help Dutch
"{5EA437D2-7A57-B60E-E8F2-76BFAC0895A5}" = CCC Help Chinese Traditional
"{61AF4E75-050E-0304-3417-8BC16417FEB1}" = CCC Help Greek
"{632005DA-C291-5275-284C-5EE96B05C714}" = Catalyst Control Center HydraVision Full
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C72BE0C-3E25-CACD-0070-2FD9C02ABA14}" = ccc-core-preinstall
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Aslogics BoostSpeed
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{880BB617-914E-17E8-D877-A96BAC5794D2}" = Catalyst Control Center Graphics Full New
"{8897CF22-DB6C-8248-895C-12BFA2677F51}" = CCC Help Hungarian
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{90280410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional con FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1040-7B44-A82000000003}" = Adobe Reader 8.2.6 - Italiano
"{AF710FDE-2815-8C8D-5281-8004C2654AA6}" = CCC Help Russian
"{AFF2D965-C6F2-A210-FBF7-532612AA1D23}" = CCC Help Swedish
"{B21336EE-4AEF-9940-4AC7-EDB89854B8D3}" = CCC Help Thai
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = VAIOXP
"{BBA69346-61A1-BD34-E75A-4D81232DB1FE}" = Catalyst Control Center Localization All
"{BFD5ED08-F066-92D5-BE67-3B9AE5DCFF0C}" = CCC Help Japanese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4609F15-FB3C-D97E-BAA1-4F10815039C2}" = Catalyst Control Center Graphics Full Existing
"{C89F2092-B9E4-46FD-83BB-C6F2D7838CED}" = Windows Live Sync
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01FAC3D-86B4-3A19-9D10-9156A0EB3EBE}" = CCC Help Finnish
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Software della webcam Logitech
"{D70666B2-7E6B-46F0-85E2-06C30C1269C0}" = ASUS MyCinema Series
"{D73722C8-3F65-C75B-A631-5D36894DAB92}" = ccc-core-static
"{DDAD33B6-8C00-428D-087B-A7088355B9BE}" = Catalyst Control Center Graphics Light
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E31A24A7-CF73-42B7-8FA1-26644296C9E3}" = Windows Live Mail
"{E333F074-FC7F-596D-3D61-44F0EC28E8C0}" = ccc-utility
"{EDAED426-FE30-482A-8AA7-87AD7642107F}" = Parser MSXML 6.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FA38F9E4-BED7-E021-B660-8FDFF7EC6E1A}" = CCC Help Norwegian
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Bulk Image Downloader_is1" = Bulk Image Downloader v4.21.0.0
"CCleaner" = CCleaner
"eMule" = eMule
"EPSON Printer and Utilities" = Software per stampante EPSON
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Guida utente" = ESDX6000_CX5900 Guida utente
"HotKeyz_is1" = HotKeyz 2.8.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware versione 2.0.1.1004
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 it)" = Mozilla Firefox 26.0 (x86 it)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7
"Speed TV Player_is1" = Speed TV Player 1.3.0.15
"Startup Delayer" = Startup Delayer v3.0 (build 359)
"TeamViewer 9" = TeamViewer 9
"Tweak UI 2.10" = Tweak UI
"uTorrent" = µTorrent
"Visual Task Tips" = Visual Task Tips 3.4
"VLC media player" = VLC media player 2.1.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Sidebar" = Windows Sidebar
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 beta 3 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xentient Thumbnails_is1" = Xentient Thumbnails v1.0.2
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1085031214-920026266-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20/04/2014 18.43.18 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 20/04/2014 18.43.36 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 20/04/2014 18.53.55 | Computer Name = ORG-CEFISGJM7KR | Source = MsiInstaller | ID = 10005
Description = Prodotto: Microsoft Fix it 50981 -- Microsoft Fix it non valido per
il sistema operativo o per la versione dell'applicazione in uso.
Error - 21/04/2014 13.31.59 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 21/04/2014 13.32.16 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 22/04/2014 3.11.36 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 22/04/2014 3.11.43 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 23/04/2014 1.20.36 | Computer Name = ORG-CEFISGJM7KR | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.
Error - 23/04/2014 1.20.47 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
Error - 23/04/2014 1.39.34 | Computer Name = ORG-CEFISGJM7KR | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry,
P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.
[ System Events ]
Error - 23/04/2014 1.40.09 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.40.09 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.41.32 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.41.32 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.41.40 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Error - 23/04/2014 1.51.59 | Computer Name = ORG-CEFISGJM7KR | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1083" durante il tentativo di avviare
il servizio winmgmt con gli argomenti "" per eseguire il server {8BC3F05E-D86B-11D0-A075-00C04FB68820}
< End of report >