Pdfka and Packed deleted by avast but no improvement



#1
mackx

I posted this issue about 1 week ago but I did not get any reply so far.
May anyone there give me help, also suggesting what I can do in order to improve the post readability (probably I’ve not been clear enough to explain my problem)?


Hi there and thanks in advance for all the help you will provide me on this topic. I'm running a PC with Vista Home Premium and during the last few weeks I noticed an odd behavior surfing the Internet: the content of selected websites seems to disappear as I jump from one tab to another and then back in Firefox.
Lately the situation is getting worse, now it is difficult to access my email, sometimes pages of obvious websites (e.g. google) are not found or do not load and often surfing is so slow that I just have to stop the connection.
I scanned the PC with avast, that returned I was infected with JS:packed-BB and JS:pdfks-OZ. However the infected files were deleted and quarantined. Further scan did not reveal any other infection, however the situation did not improve.
Then I followed your spyware cleaning guide advice, running in a row TFC, System restore, ERUNT and Malwarebytes. The latter detected two malwares during two consecutive scans (quick and complete), logs included below. Again these were quarantined and deleted successfully, but again the situation did not improve.
Then I ran RootRepeal and OTL, whose logs are included below.
I don't know whether it matters or not, but I'm sending you this message from a different machine.
Thanks again for all the help!
mackx


Malwarebytes' Anti-Malware 1.36
Database version: 1961
Windows 6.0.6001 Service Pack 1

11/09/2009 20.47.34
mbam-log-2009-09-11 (20-47-34).txt

Scan type: Quick Scan
Objects scanned: 60876
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.


Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 6.0.6001 Service Pack 1

11/09/2009 22.08.49
mbam-log-2009-09-11 (22-08-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 238986
Time elapsed: 1 hour(s), 8 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\SUPERAntiSpyware\keygen.exe (Dont.Steal.Our.Software.A) -> Quarantined and deleted successfully.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/11 22:40
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

OTL logfile created on: 12/09/2009 12.27.39 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\gd\Documents\AbsoluteValue\Antimalware
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 93,49% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,92 Gb Total Space | 208,98 Gb Free Space | 72,58% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,55 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 249,47 Mb Total Space | 248,49 Mb Free Space | 99,61% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-GD
Current User Name: gd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/11/24 11.31.44 | 00,692,224 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/08/25 12.31.34 | 00,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe
PRC - [2008/11/24 11.31.44 | 00,692,224 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/11/20 12.20.52 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/11/20 12.19.56 | 02,654,208 | ---- | M] (Dell Inc.) -- C:\Windows\System32\bcmwltry.exe
PRC - [2009/08/17 17.58.55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/08/17 18.07.17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/10/29 08.29.41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2008/01/21 04.23.32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/08/25 13.25.54 | 00,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/08/25 12.31.40 | 00,442,460 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/08/25 13.25.52 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/06/10 05.27.04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/24 15.21.46 | 00,668,912 | ---- | M] () -- C:\Program Files\Dell V105\dldnmon.exe
PRC - [2008/11/20 12.20.50 | 03,563,520 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/06/24 15.21.52 | 00,025,840 | ---- | M] () -- C:\Program Files\Dell V105\dldnMsdMon.exe
PRC - [2007/07/17 12.13.56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/01/22 17.01.27 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/06/03 16.54.56 | 00,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/11/03 10.54.00 | 01,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/10/04 14.58.02 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/08/17 18.07.23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2006/06/15 13.36.18 | 00,229,376 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
PRC - [2009/08/24 17.48.35 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/21 04.25.11 | 00,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2006/06/27 17.21.14 | 01,449,984 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
PRC - [2008/01/21 04.25.11 | 00,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008/08/25 13.26.04 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\HidFind.exe
PRC - [2008/08/25 13.25.54 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apntex.exe
PRC - [2008/10/27 18.03.46 | 00,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
PRC - [2006/06/09 11.37.18 | 00,471,552 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2007/07/17 12.13.34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/08/25 12.31.22 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe
PRC - [2008/06/05 16.26.36 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PRC - [2008/08/25 11.28.16 | 00,099,568 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\dldnserv.exe
PRC - [2008/03/04 19.42.40 | 00,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldncoms.exe
PRC - [2008/07/01 13.44.02 | 00,849,920 | ---- | M] () -- C:\Program Files\RDM+\rdmpserv.exe
PRC - [2009/08/17 18.07.01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/08/17 18.04.21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2008/07/01 10.45.28 | 00,950,784 | ---- | M] (SHAPE Services) -- C:\Program Files\RDM+\rdmpserv_cpanel.exe
PRC - [2006/06/05 14.59.18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
PRC - [2008/10/04 14.58.04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/01/21 04.25.33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/06/05 16.26.36 | 00,752,168 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/07/31 13.58.38 | 01,616,976 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/06/12 22.17.01 | 00,042,168 | ---- | M] (Antony Lewis) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/01/09 20.57.16 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/03/03 04.16.04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2008/01/21 04.25.33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/01/09 20.58.20 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/17 18.03.04 | 00,159,280 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
PRC - [2009/08/17 18.01.39 | 00,068,640 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashChest.exe
PRC - [2009/09/10 14.53.56 | 01,312,080 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2007/01/02 13.20.00 | 04,579,403 | ---- | M] (IDM Computer Solutions, Inc.) -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe
PRC - [2009/09/12 12.22.36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\gd\Documents\AbsoluteValue\Antimalware\OTL.exe
PRC - [2008/01/21 04.24.59 | 00,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/27 18.03.46 | 00,759,072 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.9.0 [Auto | Running])
SRV - [2008/08/25 12.31.22 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\aestsrv.exe -- (AESTFilters [Auto | Running])
SRV - [2009/08/17 17.58.55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2008/11/24 11.31.44 | 00,692,224 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2009/08/17 18.07.17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/08/17 18.07.01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/08/17 18.04.21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/06/05 16.26.36 | 00,518,696 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2008/07/27 20.03.13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/08/25 11.28.16 | 00,099,568 | ---- | M] () -- C:\Windows\System32\spool\DRIVERS\W32X86\3\dldnserv.exe -- (dldnCATSCustConnectService [Auto | Running])
SRV - [2008/03/04 19.42.40 | 00,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldncoms.exe -- (dldn_device [Auto | Running])
SRV - [2008/01/21 04.25.09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 14.35.29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 14.35.29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/21 04.23.49 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2008/06/20 03.14.44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/22 17.01.27 | 00,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-092308-165331 [On_Demand | Stopped])
SRV - [2009/01/22 17.12.56 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2008/06/20 03.14.31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/06/20 03.14.31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/07/01 13.44.02 | 00,849,920 | ---- | M] () -- C:\Program Files\RDM+\rdmpserv.exe -- (RDMPLocalService [Auto | Running])
SRV - [2006/06/05 14.59.18 | 00,174,080 | ---- | M] (Nokia.) -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer [On_Demand | Running])
SRV - [2008/04/21 18.04.54 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service [On_Demand | Stopped])
SRV - [2008/10/04 14.58.04 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter [Auto | Running])
SRV - [2008/08/25 12.31.34 | 00,225,362 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\STacSV.exe -- (STacSV [Auto | Running])
SRV - [2008/03/24 08.35.22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2008/01/21 04.23.32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/11/20 12.20.52 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])
SRV - [2008/01/21 04.25.33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it...amp;ibd=4090122
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.defaulturl: "http://search.babylo...=browsersearch"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (it)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/home"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20.33.07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/08/24 17.49.12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/04 21.14.20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/04 21.14.20 | 00,000,000 | ---D | M]

[2009/03/05 22.39.52 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\mozilla\Extensions
[2009/03/05 22.39.52 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/09 23.18.44 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\mozilla\Firefox\Profiles\bzn80eju.default\extensions
[2009/09/03 18.30.42 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\mozilla\Firefox\Profiles\bzn80eju.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/19 20.51.20 | 00,001,032 | ---- | M] () -- C:\Users\gd\AppData\Roaming\Mozilla\FireFox\Profiles\bzn80eju.default\searchplugins\wikipedia-eng.xml
[2009/09/12 11.07.41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/04 21.14.20 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/11 20.07.52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/09/04 21.14.14 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/04 21.14.14 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/22 17.01.31 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/02/04 23.02.56 | 01,642,496 | ---- | M] (LizardTech) -- C:\Program Files\mozilla firefox\plugins\npdjvu.dll
[2009/09/04 21.14.16 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/24 17.49.05 | 00,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2009/08/24 17.49.16 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2009/08/24 17.49.01 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/04/21 20.51.34 | 00,002,194 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2009/09/04 21.14.17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/09/04 21.14.17 | 00,001,412 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\demauro.xml
[2009/09/04 21.14.17 | 00,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2009/09/04 21.14.17 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/09/04 21.14.17 | 00,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2009/09/04 21.14.17 | 00,000,649 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
[2009/04/06 22.08.54 | 00,000,815 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dldnamon] C:\Program Files\Dell V105\dldnamon.exe ()
O4 - HKLM..\Run: [dldnmon.exe] C:\Program Files\Dell V105\dldnmon.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UDC Integration] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKCU..\Run: [Torrent2Exe[3113b924fc6648f22af25493854b27811c6d651d]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\inoDVDRip.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[3d6e3a92f9e69e4030f7a9f9c6a3c55602c61abb]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\iceage2themeltdown.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[4aeaf8b6d13a4dd5f15f8317173606533c253ca9]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\2644610.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[585136cdaadf72dbadf37e58c6488a4f823f2309]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\2874513.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[6b5f078ce4a2aaa7c6d8f37ab729443e23dc3952]] C:\Users\gd\Downloads\slaughterhousefive.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[7824c00f053da3989d8671451df6a53da9609d4e]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\iceage3.exe ()
O4 - HKCU..\Run: [Torrent2Exe[a478ed05ae845d18a88ea1fab61edcedee81cbe9]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\a2.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[a64091cd96bb34a9f5e8c5d9a8b893d7659bdf02]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\12_Astronomy_Books.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[b7ac1f11f03bda1b155d4c18796ced3db6304ec2]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\2701334.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[c2560ca17095f14d8f40db6c7984991094b60a6f]] C:\Users\gd\Downloads\2120111.exe File not found
O4 - HKCU..\Run: [Torrent2Exe[c5e93dd1e777f9c0305fe24718df1d63867ab48f]] C:\Users\gd\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SJJOUWV\masturb[1].exe File not found
O4 - HKCU..\Run: [Torrent2Exe[d13b27f5f3926de81f3dae28b1ba2ef152607489]] C:\_OTMoveIt\MovedFiles\04102009_122709\Users\gd\Downloads\2204247.exe ()
O4 - HKCU..\Run: [Torrent2Exe[ff570ec79e7f5a6391b7973ee661aff913b93db2]] C:\Users\gd\Downloads\2198232.exe File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\gd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\gd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe (Antony Lewis)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Programmi\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/11 21.41.18 | 00,034,666 | ---- | C] () -- C:\Users\gd\Desktop\Bruno..srt.bak
[2009/09/11 21.41.18 | 00,034,509 | ---- | C] () -- C:\Users\gd\Desktop\Bruno..srt
[2009/09/11 20.46.09 | 00,034,652 | ---- | C] () -- C:\Users\gd\Desktop\Bruno.CAM.XVID-STG_Complete.Subs._ Eng..srt
[2009/09/11 20.46.09 | 00,034,419 | ---- | C] () -- C:\Users\gd\Desktop\Bruno.CAM.XVID-STG_Complete.Subs._ Eng..srt.bak
[2009/09/11 20.41.45 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/11 20.40.41 | 00,000,735 | ---- | C] () -- C:\Users\gd\Desktop\NTREGOPT.lnk
[2009/09/11 20.40.41 | 00,000,716 | ---- | C] () -- C:\Users\gd\Desktop\ERUNT.lnk
[2009/09/11 20.40.40 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/10 22.35.31 | 00,010,917 | ---- | C] () -- C:\Users\gd\Documents\Where_are_they.odt
[2009/09/09 18.01.38 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/05 09.40.29 | 00,013,312 | ---- | C] () -- C:\Users\gd\Documents\sciopero.doc
[2009/09/04 23.00.24 | 00,010,986 | ---- | C] () -- C:\Users\gd\Documents\sciopero.odt
[2009/09/01 19.55.08 | 00,067,058 | ---- | C] () -- C:\Users\gd\Desktop\Bruno R5 09 Coa ANL.srt
[2009/08/29 16.32.53 | 00,000,000 | ---D | C] -- C:\Users\gd\AppData\Roaming\Nokia Multimedia Player

========== Files - Modified Within 14 Days ==========

[2009/09/12 12.09.47 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/12 12.09.47 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/12 11.36.34 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/12 11.36.25 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/12 11.36.22 | 32,158,67904 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/12 11.16.45 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/11 22.45.03 | 03,187,588 | -H-- | M] () -- C:\Users\gd\AppData\Local\IconCache.db
[2009/09/11 22.29.14 | 00,034,509 | ---- | M] () -- C:\Users\gd\Desktop\Bruno..srt
[2009/09/11 21.41.18 | 00,034,666 | ---- | M] () -- C:\Users\gd\Desktop\Bruno..srt.bak
[2009/09/11 21.40.32 | 00,034,652 | ---- | M] () -- C:\Users\gd\Desktop\Bruno.CAM.XVID-STG_Complete.Subs._ Eng..srt
[2009/09/11 20.57.07 | 01,461,438 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/11 20.57.07 | 00,662,846 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2009/09/11 20.57.07 | 00,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/11 20.57.07 | 00,120,326 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2009/09/11 20.57.07 | 00,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/11 20.40.41 | 00,000,735 | ---- | M] () -- C:\Users\gd\Desktop\NTREGOPT.lnk
[2009/09/11 20.40.41 | 00,000,716 | ---- | M] () -- C:\Users\gd\Desktop\ERUNT.lnk
[2009/09/10 23.13.42 | 00,010,917 | ---- | M] () -- C:\Users\gd\Documents\Where_are_they.odt
[2009/09/10 14.54.06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/10 14.53.50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/08 22.38.47 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/09/08 18.59.38 | 00,051,200 | ---- | M] () -- C:\Users\gd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 09.40.33 | 00,013,312 | ---- | M] () -- C:\Users\gd\Documents\sciopero.doc
[2009/09/04 23.00.25 | 00,010,986 | ---- | M] () -- C:\Users\gd\Documents\sciopero.odt
[2009/08/31 22.51.20 | 00,067,058 | ---- | M] () -- C:\Users\gd\Desktop\Bruno R5 09 Coa ANL.srt

========== LOP Check ==========

[2009/08/29 16.32.53 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming
[2009/04/09 16.45.03 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Antispyware
[2009/01/27 20.59.58 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\ATI
[2009/06/06 00.03.35 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\calibre
[2009/04/02 20.58.52 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\CyberLink
[2009/08/24 12.40.14 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Dell Imaging Toolbox
[2009/04/17 23.11.36 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Download Manager
[2009/03/05 23.14.08 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\IDMComp
[2006/11/02 14.37.34 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Media Center Programs
[2009/04/09 19.05.26 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Nitro PDF
[2009/08/29 16.32.38 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Nokia
[2009/08/29 16.32.53 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Nokia Multimedia Player
[2009/03/06 22.28.22 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\OpenOffice.org
[2009/03/10 23.26.44 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\PC Suite
[2009/04/24 21.27.34 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Roxio
[2009/05/16 15.08.45 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\Template
[2009/06/27 14.49.55 | 00,000,000 | ---D | M] -- C:\Users\gd\AppData\Roaming\VistaCodecs
[2009/09/12 11.36.34 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/12 11.16.45 | 00,032,482 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2008/01/21 04.24.50 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 11.46.03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

OTL Extras logfile created on: 12/09/2009 12.27.39 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\gd\Documents\AbsoluteValue\Antimalware
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 93,49% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287,92 Gb Total Space | 208,98 Gb Free Space | 72,58% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,55 Gb Free Space | 45,48% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 249,47 Mb Total Space | 248,49 Mb Free Space | 99,61% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-GD
Current User Name: gd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.txt [@ = UltraEdit.txt] -- C:\Program Files\IDM Computer Solutions\UltraEdit-32\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1705165244-1831230996-3561274201-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06A2E0CD-E95B-48C9-8AF5-388E5485C7C3}" = protocol=6 | dir=in | app=c:\program files\dell v105\frun.exe |
"{14129C5E-4637-4200-8BD1-763E98CEBC1A}" = protocol=17 | dir=in | app=c:\windows\system32\dldncoms.exe |
"{1D5CB31D-70FD-4FE1-AF9A-D22F0DFBB47F}" = protocol=6 | dir=in | app=c:\program files\dell v105\dldntime.exe |
"{22B12AD2-5045-4A56-B889-A6ACF0ED5572}" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{2598C6B3-2C08-4C36-9F08-E6304F362C94}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{25D3CDB4-128C-4C02-85DD-C35AA1379E2C}" = protocol=17 | dir=in | app=c:\program files\dell v105\frun.exe |
"{29D4DD96-52C8-4EA7-B85E-9861A0D84E83}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnjswx.exe |
"{3265EEB5-4581-4C6E-8FD4-31A0FAA73342}" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
"{37101604-AB04-4538-8AC8-BA62CE11D9A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BB4A53A-A903-4F0E-A045-417DA0740992}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldntime.exe |
"{4B29D047-7A2B-4BBD-A39E-D72CCD10C603}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{532393FD-E41E-4594-9C8E-76AC46B980C7}" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"{62E956C1-659A-4C4E-BB46-EE9A2CA2ADB0}" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnamon.exe |
"{6C5CE584-3A20-43D6-BC01-359A13E209A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldntime.exe |
"{8ED0CFFA-B419-46AE-B9CA-0E3ED09029FC}" = protocol=17 | dir=in | app=c:\program files\dell v105\netsupp.dll |
"{927B2870-AC51-4E44-AA4B-2DC7CF85B040}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnjswx.exe |
"{BA163176-74F0-49D3-AC41-FCB979A274EF}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe |
"{BA656CAD-10D8-4784-95B8-69B399A2F11D}" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnamon.exe |
"{D00684F6-5CFC-457C-981F-65D4A52523AF}" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
"{D2AC7419-AAB1-4909-8E1E-4C61B12F7B4D}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe |
"{D346DE3F-B1D1-49A2-95AE-37332C261861}" = protocol=6 | dir=in | app=c:\program files\dell v105\netsupp.dll |
"{F13B4C8B-C017-41BF-A110-B85EB401D2C2}" = protocol=6 | dir=in | app=c:\windows\system32\dldncoms.exe |
"{FE880185-23B5-455C-90F8-B4E23FF71C3F}" = protocol=17 | dir=in | app=c:\program files\dell v105\dldntime.exe |
"TCP Query User{0014E4C5-9465-42C2-8201-067941C08819}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\slaughterhousefive.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\slaughterhousefive.exe |
"TCP Query User{05EF6367-C12E-4696-9D0D-BB2BF9D991BB}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe |
"TCP Query User{06D8D95D-23ED-4E49-BAAB-D53AF95D9D53}C:\program files\briscola\briscolachiamata.exe" = protocol=6 | dir=in | app=c:\program files\briscola\briscolachiamata.exe |
"TCP Query User{1CEC35A1-0AEE-4BC5-B392-D5C1F517315D}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe |
"TCP Query User{1F607D08-0524-4D84-99AF-DEEEFFC69087}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe |
"TCP Query User{215D3E61-AF26-4B1B-81CB-C39CDFBF1E8B}C:\users\gd\downloads\2198232.exe" = protocol=6 | dir=in | app=c:\users\gd\downloads\2198232.exe |
"TCP Query User{25F7DCFF-1326-4931-8497-A8759F50A538}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe |
"TCP Query User{268D60B8-EA1F-44C2-9D9D-19A788CB7D44}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe |
"TCP Query User{2724C2BF-B5F7-4C25-8AD1-84D8E661C862}C:\program files\dell v105\dldnmon.exe" = protocol=6 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
"TCP Query User{28B3749E-0366-446C-A345-19F33E96ECD0}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe |
"TCP Query User{2A90B38B-F8B0-40B8-80E7-F8DFAE9BB0E0}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe |
"TCP Query User{317A3244-27E1-4CD4-A313-9B797BD675A8}C:\users\gd\downloads\slaughterhousefive.exe" = protocol=6 | dir=in | app=c:\users\gd\downloads\slaughterhousefive.exe |
"TCP Query User{324A9923-771F-4822-A064-5EBAB6C664E0}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe |
"TCP Query User{38EB5CF0-A8C9-458F-8891-36D366B571FB}C:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe |
"TCP Query User{39DC1E0E-B8A6-4D53-981F-FDCAFDDA4474}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe |
"TCP Query User{3CAFFC92-1821-46F7-9A9F-8CD242492352}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe |
"TCP Query User{4008FEB8-CCB2-41E0-A66E-B81F333DF6DE}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe |
"TCP Query User{417AAB6C-7C80-4685-84D5-FC25B88D4BC2}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe |
"TCP Query User{427E95A2-2DF8-4EDB-8F65-9E19302B2069}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{4307C858-4AC0-4189-AC5B-A7567359D197}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe |
"TCP Query User{4762E13F-3D2D-42A3-B49F-C62DAA5F3FD0}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2777617.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2777617.exe |
"TCP Query User{49E08216-4269-433F-A530-1F25EEE272BE}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe |
"TCP Query User{4A7D7AE6-6FA5-498B-8D7E-1601A0C2A250}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe |
"TCP Query User{4D24B0F7-C920-42C1-AA3B-CAFE222B7CA2}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe |
"TCP Query User{53788CB8-7E7B-4799-8016-D1007F6E606F}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe |
"TCP Query User{54875D1A-E8D2-48E0-8CEF-41B0FF20B256}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe |
"TCP Query User{550BC81D-9A59-435E-824E-3D31D446EDD7}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe |
"TCP Query User{5B6AB5CD-D67C-43FD-9539-551759DE5716}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe |
"TCP Query User{5B9F0E5B-DAF6-41E4-A1D8-FE0A3367D9CA}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe |
"TCP Query User{70C85CB1-B54C-4EDE-A8CB-0530F3391639}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe |
"TCP Query User{7301648B-312C-459B-8B7A-DE0BBFF34BE3}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe |
"TCP Query User{7C4EA6E0-9DD4-4B55-83D6-E47E8CADB71A}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe |
"TCP Query User{7FA21FB0-F964-4090-B2CD-66B26AD504FC}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe |
"TCP Query User{80A1451E-6EF6-4727-9CE3-1E9C92CB013B}C:\users\gd\downloads\2120111.exe" = protocol=6 | dir=in | app=c:\users\gd\downloads\2120111.exe |
"TCP Query User{95C8587A-4B62-4212-9A7F-11380A72D77F}C:\program files\briscola\briscolachiamata.exe" = protocol=6 | dir=in | app=c:\program files\briscola\briscolachiamata.exe |
"TCP Query User{95D610A8-15FF-456E-8DB1-97D219CAFA05}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe |
"TCP Query User{9A5F622F-ECCD-4EB8-94A8-DAE46401C20D}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1359220.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1359220.exe |
"TCP Query User{A8B1C5AB-348B-4397-A393-7AD666072F3C}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\2sjjouwv\masturb[1].exe" = protocol=6 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\2sjjouwv\masturb[1].exe |
"TCP Query User{B6C81B04-A3BC-4613-AC55-E3952426C726}C:\program files\emule\emule.exe" = protocol=6 | dir=in | app=c:\program files\emule\emule.exe |
"TCP Query User{CA83CEC6-9193-48A4-9B57-7A586D548955}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe |
"TCP Query User{D685F857-C8EE-4C32-9FB4-1491AD4C21F9}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\subtle_is_the_lord__the_science_and_the_life_of_albert_einstein.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\subtle_is_the_lord__the_science_and_the_life_of_albert_einstein.exe |
"TCP Query User{DAAC7896-1921-424A-8491-0E7E37F5D547}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe" = protocol=6 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe |
"TCP Query User{DCBA4635-C390-47E3-97F5-8BB18044BD48}C:\users\gd\downloads\2198232.exe" = protocol=6 | dir=in | app=c:\users\gd\downloads\2198232.exe |
"TCP Query User{F9C9C4F4-80FF-4A5C-BFE1-61E488E738DB}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe" = protocol=6 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe |
"TCP Query User{FAED1435-90FE-429A-A03D-5C577EB9A634}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe" = protocol=6 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe |
"UDP Query User{06D977AB-B978-41F6-8B8B-CB9AE35D2FE9}C:\program files\briscola\briscolachiamata.exe" = protocol=17 | dir=in | app=c:\program files\briscola\briscolachiamata.exe |
"UDP Query User{096C0763-5A17-490C-822C-EAF4E04596B3}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe |
"UDP Query User{0E096EAC-DCED-494E-8B28-DDD72D3DDC18}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe |
"UDP Query User{151BE3E7-E366-4222-8CD7-C69F2C93BA9D}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe |
"UDP Query User{17D3A27A-BD82-49AA-BFD6-7025F4CA7EEE}C:\users\gd\downloads\2120111.exe" = protocol=17 | dir=in | app=c:\users\gd\downloads\2120111.exe |
"UDP Query User{2536FC32-8161-46AA-B859-1D8BB177570A}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe |
"UDP Query User{2B3A1B9E-90D8-4A06-83F2-22ACF8EA048D}C:\program files\emule\emule.exe" = protocol=17 | dir=in | app=c:\program files\emule\emule.exe |
"UDP Query User{3E8644BE-620E-46C5-B7CB-7B2EEBA7E134}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe |
"UDP Query User{403E7073-0DBE-4CCE-BBA8-DE93D49B4785}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe |
"UDP Query User{40954D1A-1EBE-44F4-A1CC-8745D9E4678A}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe" = protocol=17 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe |
"UDP Query User{42C8801C-408D-4285-9584-AFCDA155F692}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe |
"UDP Query User{45430112-77A6-4E60-A23C-8333C6B03E31}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe" = protocol=17 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\949xs7jt\7824c00f053da3989d8671451df6a53da9609d4e[1].exe |
"UDP Query User{4804A49C-E2AB-4570-84F1-B5981DAE3924}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe |
"UDP Query User{51DFE249-5D39-4948-8DD9-8C3CE585EDDC}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe |
"UDP Query User{53AB3891-DBA8-4CA6-9F53-2BC30AD06A81}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe |
"UDP Query User{54C507A8-12E5-48E0-A459-028E7020BCB5}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage3.exe |
"UDP Query User{5D63AF3F-2D06-4388-9B65-09A9C0A8F32E}C:\users\gd\downloads\2198232.exe" = protocol=17 | dir=in | app=c:\users\gd\downloads\2198232.exe |
"UDP Query User{69670EED-FCC5-4D59-ACD6-5A3FB331D34C}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe |
"UDP Query User{69E6D0DB-3C93-4F8E-8CE0-ABFA33096489}C:\program files\dell v105\dldnmon.exe" = protocol=17 | dir=in | app=c:\program files\dell v105\dldnmon.exe |
"UDP Query User{6D8968B2-3D45-4CD4-8E32-128E3F386C29}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2204247.exe |
"UDP Query User{6F6810A5-1A26-48FE-861E-2C5571A987E2}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a2.exe |
"UDP Query User{783B4E54-7ACA-4468-B842-D3D17B2B7B3A}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe |
"UDP Query User{78F8D5CB-3804-4960-A93E-5A4822C35963}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe |
"UDP Query User{7A3BE82A-CE60-4D5D-BF6B-E6DF4CF8D40F}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2670318.exe |
"UDP Query User{7A51C0EF-8C97-4703-A1FE-FC905A66918A}C:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldnpswx.exe |
"UDP Query User{822E8076-E98B-408A-85BC-8F37C89120B9}C:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\2sjjouwv\masturb[1].exe" = protocol=17 | dir=in | app=c:\users\gd\appdata\local\microsoft\windows\temporary internet files\content.ie5\2sjjouwv\masturb[1].exe |
"UDP Query User{9090DEB7-E4C5-48B6-849C-EB2CB0C82C0A}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1359220.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1359220.exe |
"UDP Query User{9A13E131-BD31-4EC4-BFD8-9C2A2CE93B76}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\slaughterhousefive.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\slaughterhousefive.exe |
"UDP Query User{9DE8BF88-DF0A-4EBD-B13E-AF7B13F233E0}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2777617.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2777617.exe |
"UDP Query User{A3D04210-4020-43EF-A4A7-8421819C4825}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2874513.exe |
"UDP Query User{A7B1D5ED-E467-40A8-B2B8-D740C9F59497}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\12_astronomy_books.exe |
"UDP Query User{A8A029D9-FC9E-4DC7-A09C-C184F77A0642}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2893485.exe |
"UDP Query User{A8B7FC47-62DF-4C24-8122-336287BBF6BD}C:\users\gd\downloads\slaughterhousefive.exe" = protocol=17 | dir=in | app=c:\users\gd\downloads\slaughterhousefive.exe |
"UDP Query User{AAD02E29-4071-42BC-B19C-E946316EF358}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\618719.exe |
"UDP Query User{B0B3304D-5101-4CAE-A9B6-128FF8A04741}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe |
"UDP Query User{B393181A-0A7A-4068-B0B6-70B969D01CE5}C:\program files\briscola\briscolachiamata.exe" = protocol=17 | dir=in | app=c:\program files\briscola\briscolachiamata.exe |
"UDP Query User{CFE228E4-AA2A-4E9D-A465-2DEB577E9EE7}C:\users\gd\downloads\2198232.exe" = protocol=17 | dir=in | app=c:\users\gd\downloads\2198232.exe |
"UDP Query User{D003002A-5236-4EEC-836F-A299E772AC4E}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2644610.exe |
"UDP Query User{D4AD9AF1-0E4C-4704-A704-CE53D3CC8B07}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E199258D-8DFB-47D6-965B-8B9EBEE6CAF6}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\subtle_is_the_lord__the_science_and_the_life_of_albert_einstein.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\subtle_is_the_lord__the_science_and_the_life_of_albert_einstein.exe |
"UDP Query User{E4902AB7-EFD5-400E-8A8A-4CE2FB9BE6AF}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\inodvdrip.exe |
"UDP Query User{EE70FB04-A8A9-4ECD-80FC-341335904E3E}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\2701334.exe |
"UDP Query User{F22408EF-A5A9-4BF9-B7BD-C0962E8B19E1}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\iceage2themeltdown.exe |
"UDP Query User{F595A2F8-2C21-4E73-B25F-8C26D1486249}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\a1.exe |
"UDP Query User{FAE112A4-CEB4-4B47-B582-50CD7F43204D}C:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe" = protocol=17 | dir=in | app=c:\_otmoveit\movedfiles\04102009_122709\users\gd\downloads\1039523.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03855E1B-960A-4C0D-AF76-3A615F2D014E}" = eBook Library by Sony
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.4402
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0709B06B-82BC-6073-0E43-DE107DF1389C}" = Catalyst Control Center Localization Spanish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0D80391C-0A72-43BB-9BC2-143F63CC111D}" = Nokia PC Connectivity Solution
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15EB6A85-A28D-2ED8-C344-DEBC592F2E12}" = Catalyst Control Center Localization German
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C2CBBB-4540-E526-206D-B7BC7932D82F}" = CCC Help Danish
"{34A08914-7A33-4040-A959-1577BF5AFF8A}" = Microsoft Works
"{36EEFD4F-E34C-4491-B04A-DB8F85C3A021}" = Install
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = MetaTrader 4.00
"{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Mobile Connect
"{425819E1-D68E-8CE1-85D5-CDBA64E82DDE}" = CCC Help Japanese
"{4392E2AF-1643-29DA-E873-C94D547467D7}" = Catalyst Control Center Localization Swedish
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{44FDDB51-0E97-DD4A-9FB2-8D394DBEE47F}" = CCC Help Dutch
"{48C86A94-A6C0-D2D0-1649-ECB00D2DF4DE}" = Catalyst Control Center Localization Norwegian
"{48CC1AD8-2013-82B3-284F-E0253195664F}" = Catalyst Control Center Localization French
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4A4D109A-D9C4-E460-4F9A-0252F581D600}" = CCC Help Swedish
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{531317A5-586A-4E36-87C1-CA823447B375}" = Nokia PC Suite
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{57847CB0-95DA-D785-B170-1F00FC79B860}" = Catalyst Control Center Localization Chinese Traditional
"{5A72A2C4-9D4A-0718-DA28-95B73C2270DA}" = Catalyst Control Center Localization Danish
"{60379D61-4F60-4C0D-ADB0-7670BD513AE1}" = Pubs
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682FED0E-738E-0048-F448-B3EE427978CC}" = Catalyst Control Center Localization Japanese
"{6882DD11-33B8-4DEA-8305-7E765BF74BD3}" = Nokia Connectivity Cable Driver
"{6B00208E-2844-7480-5F50-6515A5907F0B}" = CCC Help Norwegian
"{6B5D24D9-58D9-491C-AF7D-0FF20E79016B}" = Lizardtech Document Express Editor
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{76E12A66-1AEC-3816-E75A-330998F2D40C}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7C63DFEB-6176-C3F1-AA83-F997E32B44EA}" = Catalyst Control Center Localization Portuguese
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84557D91-D8C7-D7A4-1393-3AB3A16106C7}" = CCC Help Chinese Traditional
"{85F0337D-33AC-43B4-A003-DF35061F1D8D}" = OpenOffice.org 3.0
"{90120000-0020-0410-0000-0000000FF1CE}" = Pacchetto di compatibilità per Office System 2007
"{9266D931-C05C-86F5-B74A-B1A382249916}" = Catalyst Control Center Localization Italian
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Italian)
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{9AB377EE-454D-374C-C309-D2DFA9AB535B}" = CCC Help Italian
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1040-7B44-A90000000001}" = Adobe Reader 9 - Italiano
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BC5C42B3-CE50-8D5E-A495-6C48C0FF6336}" = CCC Help Portuguese
"{BEFFB92B-8238-E6B7-E9D4-494BA407E593}" = Catalyst Control Center Localization Korean
"{BFC19AEE-8C4D-65BF-3BAE-729D1252E86C}" = Catalyst Control Center InstallProxy
"{C177F7FD-C061-003B-47F6-41483424517B}" = Catalyst Control Center Localization Chinese Standard
"{C3F9AC0D-3A6D-42F7-8A44-80335A366233}" = Install
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3171626-2269-7CF9-82AC-7BFC534A0E6A}" = ccc-utility
"{D86C72D4-57DB-D59E-1FE3-9ED8819B28C4}" = Catalyst Control Center Localization Russian
"{DAD207CE-44D2-0C73-198B-8DD3B4F27426}" = CCC Help Spanish
"{E1ED3247-902C-9B94-31AB-81572A6D77AA}" = Catalyst Control Center Localization Dutch
"{E374F278-E64E-D574-332F-AE9241580749}" = CCC Help Chinese Standard
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Software di supporto)
"{E60E58A1-6093-3DFC-C382-3702EFB40F0E}" = CCC Help French
"{E87A027B-8051-4323-1B8D-34CB90A9EEBE}" = CCC Help German
"{EAD1C99F-6325-E477-C94C-58B2DB656959}" = Catalyst Control Center Localization Finnish
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF949584-D843-4F7F-A4B4-070CC9E48B45}" = UltraCompare Professional
"{F4953044-0533-4F01-B0FC-1D271AB998D8}" = Inkjet Toolbox
"{F688B66F-AC95-809B-0056-154AF871D5EF}" = CCC Help Finnish
"{F6BB6248-C507-46FE-8A35-1B16F35E0441}" = ITECIR
"{F9000000-0001-0000-0000-074957833700}" = ABBYY FineReader 9.0 Professional Edition
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FC41BB0E-F005-F0B8-9040-18E935D752E7}" = CCC Help Russian
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"All Media Fixer_is1" = All Media Fixer 9.11
"Audacity_is1" = Audacity 1.2.6
"avast!" = avast! Antivirus
"BriscolaChiamata_is1" = Briscola Chiamata
"Broadcom 802.11b Network Adapter" = Utilità della scheda WLAN wireless Dell
"Celestia_is1" = Celestia 1.5.1
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"CutePDF Professional (Evaluation)_is1" = CutePDF Professional 3.6 (Evaluation)
"Dell V105" = Dell V105
"Dell Video Chat" = Dell Video Chat (remove only)
"Dell Webcam Central" = Dell Webcam Central
"EA5B0AA7-D6AE-0996-E42A-F9BBBE08F74F" = calibre
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Modello 730 2009" = Modello 730 2009
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Navilog1_is1" = Navilog1 3.7.6
"RDM+" = RDM+ 3.7
"RealPlayer 12.0" = RealPlayer
"Teleport Pro" = Teleport Pro
"Universal Document Converter_is1" = Universal Document Converter
"Veetle TV" = Veetle TV 0.9.14
"VLC media player" = VLC media player 0.9.9
"WinRAR archiver" = WinRAR archiver
"WordWeb" = WordWeb

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ISS Transit Prediction" = ISS Transit Prediction

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 18/04/2009 12.22.41 | Computer Name = PC-gd | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 18/04/2009 12.22.41 | Computer Name = PC-gd | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 18/04/2009 12.22.48 | Computer Name = PC-gd | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

[ Application Events ]
Error - 28/08/2009 12.17.38 | Computer Name = PC-gd | Source = WinMgmt | ID = 10
Description =

Error - 28/08/2009 13.36.36 | Computer Name = PC-gd | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Impossibile
risolvere il nome remoto.: 'wsvcdell.backup.com' in System.Net.HttpWebRequest.GetRequestStream()

in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) in Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) in Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 28/08/2009 13.36.48 | Computer Name = PC-gd | Source = WinMgmt | ID = 10
Description =

Error - 30/08/2009 4.03.38 | Computer Name = PC-gd | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Impossibile
risolvere il nome remoto.: 'wsvcdell.backup.com' in System.Net.HttpWebRequest.GetRequestStream()

in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) in Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) in Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 30/08/2009 4.04.41 | Computer Name = PC-gd | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2009 13.00.17 | Computer Name = PC-gd | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Impossibile
risolvere il nome remoto.: 'wsvcdell.backup.com' in System.Net.HttpWebRequest.GetRequestStream()

in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) in Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) in Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 01/09/2009 13.01.16 | Computer Name = PC-gd | Source = WinMgmt | ID = 10
Description =

Error - 01/09/2009 13.26.59 | Computer Name = PC-gd | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Impossibile
risolvere il nome remoto.: 'wsvcdell.backup.com' in System.Net.HttpWebRequest.GetRequestStream()

in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) in Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) in Swapdrive.Shared.ActivationWsvcs.GetInfo()

Error - 01/09/2009 13.28.03 | Computer Name = PC-gd | Source = WinMgmt | ID = 10
Description =

Error - 02/09/2009 14.29.12 | Computer Name = PC-gd | Source = Swapdrive Backup | ID = 0
Description = Swapdrive Backup: Web Service Error: System.Net.WebException: Impossibile
risolvere il nome remoto.: 'wsvcdell.backup.com' in System.Net.HttpWebRequest.GetRequestStream()

in System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,
Object[] parameters) in Swapdrive.Shared.com.backup.uswsvcdell.Service.GetInfo(GetInfoRequest
req) in Swapdrive.Shared.ActivationWsvcs.GetInfo()

[ Broadcom Wireless LAN Events ]
Error - 17/08/2009 9.39.27 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 15:39:27, Mon, Aug 17, 09 Error - User "" does not have administrative
privileges on this system

Error - 19/08/2009 18.18.11 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 00:18:11, Thu, Aug 20, 09 Error - User "" does not have administrative
privileges on this system

Error - 21/08/2009 16.57.53 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 22:57:53, Fri, Aug 21, 09 Error - User "" does not have administrative
privileges on this system

Error - 22/08/2009 13.33.27 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 19:33:27, Sat, Aug 22, 09 Error - User "" does not have administrative
privileges on this system

Error - 23/08/2009 20.20.35 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 02:20:35, Mon, Aug 24, 09 Error - User "" does not have administrative
privileges on this system

Error - 24/08/2009 5.23.50 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 11:23:50, Mon, Aug 24, 09 Error - User "" does not have administrative
privileges on this system

Error - 24/08/2009 16.15.51 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 22:15:51, Mon, Aug 24, 09 Error - User "" does not have administrative
privileges on this system

Error - 25/08/2009 18.28.18 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 00:28:18, Wed, Aug 26, 09 Error - User "" does not have administrative
privileges on this system

Error - 26/08/2009 17.09.30 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 23:09:30, Wed, Aug 26, 09 Error - User "" does not have administrative
privileges on this system

Error - 27/08/2009 15.58.22 | Computer Name = PC-gd | Source = WLAN-Tray | ID = 0
Description = 21:58:22, Thu, Aug 27, 09 Error - User "" does not have administrative
privileges on this system

[ System Events ]
Error - 15/06/2009 7.46.17 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 15/06/2009 10.14.38 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 15/06/2009 12.15.25 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 16/06/2009 15.01.26 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 17/06/2009 12.36.35 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 18/06/2009 17.09.16 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 19/06/2009 14.25.59 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 20/06/2009 4.09.46 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 20/06/2009 8.49.09 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =

Error - 20/06/2009 10.45.43 | Computer Name = PC-gd | Source = HTTP | ID = 15016
Description =


< End of report >

Edited by mackx, 18 September 2009 - 04:00 AM.
