Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Services.exe high CPU usage


  • Please log in to reply

#1
DaNeeLo

DaNeeLo

    Member

  • Member
  • PipPip
  • 28 posts
First of all i'd like to say sorry in advance if my english is not that perfect (i'm italian)..
I'm a newbie here and this is my first post, i hope i do everything in the right way....i try to explain my problem.
Some days ago i plugged an USB pendrive to my pc and i noticed that, at first, the system was not recognizing it and then it stopped working; then i rebooted and i noticed that my pc was very slow like a slug, even if i boot it into safe mode. If i open the task manager, the process named service.exe eat at least 80-90% CPU usage; i realized that it might be caused by a malware or something (i googled around and i found that maybe it was caused by a rootkit). So i downloaded MBRCheck that alerted me about a Whistler - Black Internet rootkit located into the other 2 physical HDD i have on my system (D: and E:, C: was ok). Then i shut off the system and disconnected the power cord of those 2 HDD, but the problem is still there: services.exe eat a lot of CPU. I tried to fix the issue by myself, i runned MalwareBytes (nothing unusual found), Combofix (it took about one hour to do the scan and deleted a couple of directories), Avast Antivirus (nothing found), Hitman Pro(nothing found), HiJackThis (i posted the report on the official board, but everything seemed to be ok). Another strange fact is that when i ran ComboFix it said that there was the Avast real-time scanner running, but in the Task Manager and in the Process Explorer there was no process related to Avast; before running Combofix i uninstalled Avast using CCleaner uninstaller first and then the Avast Remover Tools too.
I tried to search a fix for my problem in this forum too, but nothing worked, so i decided to start this topic; here's the OTL report:


OTL logfile created on: 02/12/2011 13.37.41 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\daneelo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 82,63% Memory free
7,24 Gb Paging File | 6,94 Gb Available in Paging File | 95,91% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 39,41 Gb Free Space | 26,44% Space Free | Partition Type: NTFS

Computer Name: PC-CASA | User Name: daneelo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/02 13.36.50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
PRC - [2011/11/08 20.17.22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2007/06/13 14.22.28 | 001,035,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/08 20.17.21 | 001,989,592 | ---- | M] () -- C:\Programmi\Mozilla Firefox\mozjs.dll
MOD - [2011/10/08 05.50.00 | 000,355,432 | ---- | M] () -- C:\Programmi\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011/05/26 19.25.51 | 006,271,136 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009/02/27 18.42.50 | 000,311,296 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA
MOD - [2008/09/16 20.18.06 | 000,132,608 | ---- | M] () -- C:\Programmi\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/11/18 14.22.22 | 003,313,752 | ---- | M] () [Disabled | Stopped] -- c:\programmi\file comuni\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011/11/05 15.39.15 | 000,072,704 | ---- | M] (Adobe Systems) [Disabled | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2011/10/08 05.50.00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/07 11.24.26 | 000,074,752 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\Documents and Settings\All Users\Dati applicazioni\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (FreemakeUtilsService)
SRV - [2011/08/31 17.00.48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/15 15.18.10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Programmi\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/01/02 19.07.59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/23 22.34.20 | 000,370,688 | ---- | M] (StarWind Software) [Disabled | Stopped] -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/02/05 10.11.18 | 000,075,320 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10.11.16 | 000,112,184 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02.21.20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02.02.08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01.46.16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/23 07.58.04 | 000,765,952 | ---- | M] (Diskeeper Corporation) [Disabled | Stopped] -- C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2005/11/14 01.06.04 | 000,069,632 | ---- | M] (Macrovision Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/07/28 20.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17.00.50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/10/15 12.31.36 | 000,436,792 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/18 16.35.40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/07/25 13.09.24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/07/01 04.27.44 | 000,108,800 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/02/14 07.12.00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2006/06/14 12.44.30 | 000,012,288 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\EIO_XP.sys -- (EIO_XP)
DRV - [2005/05/27 09.31.28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/31 11.20.04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/08/13 11.56.20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getii.com/dvds
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google Italia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:0.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8be51513-0433-45c1-9203-7b45019df871}:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.3
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2653012&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Programmi\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll (Veoh)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programmi\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/10/10 11.36.57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/08 20.17.22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/06/20 10.44.49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2011/08/26 16.39.18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins [2011/06/20 10.44.50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programmi\Veoh Networks\VeohWebPlayer\FFVideoFinder [2009/09/13 12.45.57 | 000,000,000 | ---D | M]

[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions
[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions
[2010/03/26 14.12.46 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/03 16.07.10 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/13 18.56.55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/20 14.00.51 | 000,000,000 | ---D | M] (printpdf) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2011/04/08 13.26.34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2010/09/12 16.32.04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\conduit.xml
[2011/11/25 20.04.16 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\google-italia.xml
[2011/11/08 20.17.36 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 20.17.22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2010/11/12 18.53.06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 12.29.23 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2009/11/03 03.26.39 | 000,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2011/10/02 12.29.23 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/02 12.29.23 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/02 12.29.23 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/02 12.29.23 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/11/28 14.30.33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Scarica con Free Download Manager - C:\Programmi\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Scarica i video con Free Download Manager - C:\Programmi\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - C:\Programmi\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Scarica tutto con Free Download Manager - C:\Programmi\Free Download Manager\dlall.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF34E6E9-CFCC-4318-B4FC-1D917AA6FB94}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/19 21.02.28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/02 13.36.49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/01 22.00.37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/01 22.00.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\TrojanHunter
[2011/12/01 21.39.36 | 000,000,000 | ---D | C] -- C:\Programmi\TrojanHunter 5.5
[2011/12/01 21.17.34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/01 20.06.54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/01 20.06.54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/01 20.06.54 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/01 20.06.54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/01 20.05.38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/01 20.02.47 | 004,324,789 | R--- | C] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/01 18.10.44 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[2011/12/01 14.47.41 | 000,000,000 | ---D | C] -- C:\Programmi\Hitman Pro 3.5
[2011/12/01 14.46.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Hitman Pro
[2011/11/30 13.08.48 | 003,022,624 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\Procmon.exe
[2011/11/30 12.27.33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\QuickScan
[2011/11/29 19.44.43 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\daneelo\Desktop\boot_cleaner.exe
[2011/11/28 21.01.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\HiJackThis
[2011/11/28 20.17.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/11/28 20.17.23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/28 18.52.21 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\procexp.exe
[2011/11/28 14.22.49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 13.26.00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daneelo\Recent
[2011/11/23 18.39.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Earth
[2011/11/21 21.31.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\Programmi\The Treasures of Montezuma 3
[2011/11/17 19.48.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2011/11/16 21.26.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\Alawar Games
[2011/11/14 18.22.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2011/11/10 12.41.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\Akamai
[2011/11/10 12.29.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Documenti\Working Folder 0
[2011/11/06 12.11.24 | 000,000,000 | ---D | C] -- C:\Programmi\NeroPortable
[2011/11/05 15.50.07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2011/11/05 15.48.36 | 000,000,000 | ---D | C] -- C:\Programmi\PhotoshopPortable
[2011/11/05 15.39.15 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe Systems Shared
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/02 13.36.50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/02 13.32.41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/01 21.39.46 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/12/01 21.22.47 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 20.03.08 | 004,324,789 | R--- | M] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/01 18.59.59 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/01 14.47.42 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/01 14.47.42 | 000,001,641 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/11/30 21.10.07 | 000,000,307 | -HS- | M] () -- C:\boot.ini
[2011/11/30 20.36.02 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/29 21.40.34 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/11/29 14.13.13 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\lol.exe
[2011/11/28 20.17.27 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 14.30.33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/28 13.59.20 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/11/27 21.46.58 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 21.44.07 | 000,001,148 | -H-- | M] () -- C:\Documents and Settings\daneelo\Documenti\Default.rdp
[2011/11/27 20.08.15 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/23 13.14.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 21.31.32 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/11/09 13.15.34 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[2011/11/08 13.48.58 | 000,004,190 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\A Mano Armata.html
[2011/11/06 12.15.12 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\Nero Express.lnk
[2011/11/06 12.05.11 | 002,588,232 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/05 15.55.45 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\PhotoshopCS5.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 21.39.36 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/12/01 20.06.54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/01 20.06.54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/01 20.06.54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/01 20.06.54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/01 20.06.54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/01 14.47.42 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/12/01 14.47.42 | 000,001,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2011/11/29 14.13.03 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\lol.exe
[2011/11/28 21.01.40 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/11/28 20.17.27 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/28 13.59.20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/21 21.31.32 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/11/06 12.15.12 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\Nero Express.lnk
[2011/11/05 15.55.45 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\PhotoshopCS5.lnk
[2011/11/05 15.41.26 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Adobe Bridge.lnk
[2011/10/30 12.10.04 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/13 11.53.25 | 001,689,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1482476501-1390067357-839522115-1003-0.dat
[2011/10/13 11.53.24 | 000,530,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2011/06/20 11.35.19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/01/22 12.30.36 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/12/02 01.21.55 | 000,020,682 | ---- | C] () -- C:\Documents and Settings\daneelo\Dati applicazioni\com.koingosw.AlarmClockPro.xml
[2010/10/03 17.52.33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/03 17.52.27 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/03 17.52.27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/11 19.55.13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/10 04.38.00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/21 20.32.27 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/03/21 20.32.04 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/03/01 20.09.29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\RfT_R.DAT
[2009/11/14 18.19.50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/07/13 14.08.09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/12 19.02.49 | 000,000,669 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/05 19.22.10 | 000,003,246 | ---- | C] () -- C:\WINDOWS\jsgkxz32.ini
[2009/04/10 16.05.47 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2009/03/13 13.24.18 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/24 13.31.06 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/02/23 15.13.12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/02/23 15.13.03 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/20 00.53.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/20 00.41.12 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 21.54.09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/19 21.50.52 | 002,588,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/19 21.19.23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/19 21.19.16 | 000,027,739 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/19 21.19.16 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/19 21.04.42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/19 20.58.49 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 15.18.20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\lwel-manifest.dll
[2008/05/03 04.16.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/01 22.10.20 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/02/08 17.03.43 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2004/08/19 14.52.50 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13.20.40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/15 23.54.04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/31 12.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 12.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/31 12.00.00 | 000,552,180 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2001/08/31 12.00.00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/31 12.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2001/08/31 12.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/31 12.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/31 12.00.00 | 000,103,538 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2001/08/31 12.00.00 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/31 12.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/31 12.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2001/08/31 12.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/31 12.00.00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/31 12.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/21 11.43.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alawar Stargaze
[2009/12/13 18.03.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AlawarWrapper
[2010/09/19 18.45.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alwil Software
[2009/02/20 19.08.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
[2011/09/13 12.55.32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonEPP
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEPPEX2
[2011/09/13 13.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJMSetup
[2011/09/13 12.57.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJSetup000
[2011/09/13 13.05.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJWSpt
[2011/05/25 13.04.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Elephant Games
[2009/02/20 01.33.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
[2011/10/10 11.36.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Freemake
[2009/11/16 20.53.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Hagel Technologies
[2011/12/01 14.47.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Hitman Pro
[2010/09/19 12.50.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
[2009/10/30 17.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
[2011/03/10 17.48.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MumboJumbo
[2009/05/10 23.38.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PaperlessPrinter Data
[2011/06/09 12.48.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlayPond
[2011/11/05 15.50.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2010/05/28 13.58.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SafeNet Sentinel
[2011/08/16 18.41.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Screentime
[2011/02/11 20.50.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
[2009/03/10 14.47.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Syncrosoft
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Top Evidence
[2009/08/12 12.19.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/13 14.04.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Acoustica
[2011/08/17 11.12.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Entertainment
[2011/08/21 11.43.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Stargaze
[2011/09/08 19.57.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artifex Mundi
[2009/04/24 23.18.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artisteer
[2011/06/05 12.27.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artogon
[2011/10/10 12.57.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\avidemux
[2011/03/07 13.40.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Azureus
[2011/01/08 19.52.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Big Fish Games
[2011/12/01 18.57.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BitTorrent
[2011/11/14 18.22.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2009/10/27 20.51.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blender Foundation
[2011/08/21 12.43.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blue Tea Games
[2011/07/13 15.12.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Boolat Games
[2011/09/13 13.39.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Canon
[2011/09/13 13.19.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CD-LabelPrint
[2009/05/03 18.12.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CoSoSys
[2011/03/17 13.00.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CursedOnboard
[2011/05/18 18.22.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DailyMagic
[2011/10/30 11.57.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DieselPuppet
[2011/06/02 12.09.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EleFun Games
[2011/02/20 17.22.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Elephant Games
[2009/04/10 16.18.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EPSON
[2011/04/09 16.29.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS G-Studio
[2011/10/14 18.36.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS Game Studios
[2011/11/09 22.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\FileZilla
[2010/09/11 14.47.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\fltk.org
[2011/04/10 13.55.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Free Download Manager
[2011/11/16 21.27.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Friday's games
[2011/08/21 16.42.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\GameInvest
[2011/06/20 11.35.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Ghost Ship Studios
[2011/09/19 12.00.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\gtk-2.0
[2010/12/18 21.21.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\HdO Adventure
[2011/01/25 20.25.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ICQ
[2010/10/18 10.36.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Icu2
[2011/11/21 21.30.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2010/01/11 17.21.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Leadertech
[2011/06/30 19.09.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\LestaStudio
[2010/09/19 12.51.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\MAGIX
[2011/01/12 13.34.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Namco
[2009/03/23 19.20.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Opera
[2010/01/30 20.45.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Orbit
[2011/03/07 13.56.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Phantasmat_bf_ce1
[2009/12/13 18.05.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Playrix Entertainment
[2011/11/30 12.27.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\QuickScan
[2009/03/09 20.28.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Steinberg
[2010/05/28 18.33.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\SynthEyes
[2010/07/17 19.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\TeamViewer
[2010/07/11 14.20.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Thunderbird
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Top Evidence
[2011/12/01 22.00.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\TrojanHunter
[2011/07/09 13.14.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VampireSagaHL
[2011/09/16 19.38.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vast Studios
[2011/07/21 11.55.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vogat Interactive
[2010/11/07 15.33.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VoipCheapCom

========== Purity Check ==========



< End of report >



OTL generated this other report labeled "Extras":


OTL Extras logfile created on: 02/12/2011 13.37.41 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\daneelo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 82,63% Memory free
7,24 Gb Paging File | 6,94 Gb Available in Paging File | 95,91% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 39,41 Gb Free Space | 26,44% Space Free | Partition Type: NTFS

Computer Name: PC-CASA | User Name: daneelo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programmi\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\ICQ7.2\ICQ.exe" = C:\Programmi\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programmi\ICQ7.2\aolload.exe" = C:\Programmi\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programmi\Free Download Manager\fdm.exe" = C:\Programmi\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager -- (FreeDownloadManager.ORG)
"C:\Programmi\Mozilla Firefox\firefox.exe" = C:\Programmi\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Condivis. App. RTC -- (Microsoft Corporation)
"C:\Programmi\NetMeeting\conf.exe" = C:\Programmi\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programmi\Yahoo!\Messenger\YServer.exe" = C:\Programmi\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Programmi\Java\jre6\bin\java.exe" = C:\Programmi\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\ICQ7.2\ICQ.exe" = C:\Programmi\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programmi\ICQ7.2\aolload.exe" = C:\Programmi\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Documents and Settings\daneelo\Desktop\TeamViewer.Full.5.0.7418\TeamViewer Full 5.0.7418\TeamViewer.exe" = C:\Documents and Settings\daneelo\Desktop\TeamViewer.Full.5.0.7418\TeamViewer Full 5.0.7418\TeamViewer.exe:*:Enabled:TeamViewer -- (TeamViewer GmbH)
"C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programmi\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Programmi\BitTorrent\BitTorrent.exe" = C:\Programmi\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Google\Google Earth\client\googleearth.exe" = C:\Programmi\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programmi\EasyPHP5.3.0\apache\bin\apache.exe" = C:\Programmi\EasyPHP5.3.0\apache\bin\apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Programmi\Java\jre6\bin\javaw.exe" = C:\Programmi\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programmi\UltraVNC\winvnc.exe" = C:\Programmi\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Programmi\UltraVNC\vncviewer.exe" = C:\Programmi\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe" = C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 23
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32714140-CBC5-3FAF-BFC2-3A7376C3EECF}" = Microsoft .NET Framework 4 Client Profile ITA Language Pack
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3d9ac095-e115-4e94-bdef-7f7edf17697d}" = Python 2.6.3
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{4344E211-F621-3870-9A08-2F56C71BA0A7}" = Microsoft .NET Framework 4 Extended ITA Language Pack
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBB5E4C-3F5E-4C07-BFBE-33B34600783A}" = LogMeIn Hamachi
"{90160410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel 2003
"{90180410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003
"{901B0410-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word 2003
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.6 - Italiano
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Pannello di controllo NVIDIA 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Driver grafico 285.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aggiornamenti NVIDIA 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Software Logitech QuickCam
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA96B5D-02D1-40B2-ABAF-E8ED39754AD3}" = SynthEyes
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Akamai" = Akamai NetSession Interface Service
"ASIO4ALL" = ASIO4ALL
"BitTorrent" = BitTorrent
"Blender" = Blender
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"Cool FLAC To MP3 Converter_is1" = Cool FLAC To MP3 Converter 1.0
"DivX Setup.divx.com" = DivX Setup
"dumeter3_is1" = DU Meter
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDStyler_is1" = DVDStyler v1.8.3 rc 2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"eMule" = eMule
"EPSON Scanner" = EPSON Scan
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Fass" = Pawsoft Fass
"FileZilla Client" = FileZilla Client 3.2.4
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Free Download Manager_is1" = Free Download Manager 3.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Freemake Video Converter_is1" = Freemake Video Converter versione 2.4.0
"FreePOPs" = NSIS FreePOPs (remove only)
"GlaceVerb_is1" = GlaceVerb 1.01
"HitmanPro35" = Hitman Pro 3.5
"HyperCam 2" = HyperCam 2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Image Grabber II" = Image Grabber II
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Intelligent Shutdown_is1" = Intelligent Shutdown 1.25
"LameACM" = Lame ACM MP3 Codec
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Movie Edit Pro 16 Plus Download Version UK" = MAGIX Movie Edit Pro 16 Plus Download Version 9.0.1.60 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware versione 1.51.2.1300
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ITA Language Pack" = Microsoft .NET Framework 4 Client Profile - Language Pack (ITA)
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended ITA Language Pack" = Microsoft .NET Framework 4 Extended - Language Pack (ITA)
"Mozilla Firefox 8.0 (x86 it)" = Mozilla Firefox 8.0 (x86 it)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OJOsoft Total Video Converter_is1" = OJOsoft Total Video Converter
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PaperlessPrinter_is1" = PaperlessPrinter version 3.0
"PSPad editor_is1" = PSPad editor
"QcDrv" = Driver di Logitech® Camera
"Redemption Cemetery - Ferris Wheel" = Redemption Cemetery - Ferris Wheel Screen Saver
"Registrazione utente Canon iP4800 series" = Registrazione utente Canon iP4800 series
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Steinberg Cubase SX 1.01" = Steinberg Cubase SX 1.01
"The Treasures of Montezuma 3Final" = The Treasures of Montezuma 3
"Trapcode Particular" = Trapcode Particular
"Ultravnc2_is1" = UltraVnc
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.5
"VobSub" = VobSub v2.23 (Remove Only)
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/11/2011 16.08.55 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 28/11/2011 16.47.32 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 29/11/2011 16.44.21 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 29/11/2011 16.49.56 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo wmplayer.exe, versione 11.0.5721.5145, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 8.49.16 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 8.50.36 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo Procmon.exe, versione 2.96.0.0, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 8.52.29 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 9.04.31 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo mmc.exe, versione 5.1.2600.2180, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 15.09.51 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 15.10.57 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo Procmon.exe, versione 2.96.0.0, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

[ Application Events ]
Error - 28/11/2011 16.08.55 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 28/11/2011 16.47.32 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 29/11/2011 16.44.21 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo HiJackThis.exe, versione 2.0.0.4, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 29/11/2011 16.49.56 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo wmplayer.exe, versione 11.0.5721.5145, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 8.49.16 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 8.50.36 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo Procmon.exe, versione 2.96.0.0, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 8.52.29 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 9.04.31 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo mmc.exe, versione 5.1.2600.2180, modulo in
stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 30/11/2011 15.09.51 | Computer Name = PC-CASA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore procmon.exe, versione 2.96.0.0,
modulo che ha provocato l'errore procmon.exe, versione 2.96.0.0, indirizzo errore
0x0008d231.

Error - 30/11/2011 15.10.57 | Computer Name = PC-CASA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo Procmon.exe, versione 2.96.0.0, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

[ System Events ]
Error - 01/12/2011 16.32.11 | Computer Name = PC-CASA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: EIO_XP
Fips
intelppm
Lbd
sptd

Error - 01/12/2011 16.40.19 | Computer Name = PC-CASA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 01/12/2011 17.01.01 | Computer Name = PC-CASA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 01/12/2011 17.01.02 | Computer Name = PC-CASA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 01/12/2011 17.05.17 | Computer Name = PC-CASA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 02/12/2011 8.32.53 | Computer Name = PC-CASA | Source = sptd | ID = 262148
Description = Il driver ha rilevato un errore interno nelle strutture dati per .

Error - 02/12/2011 8.33.02 | Computer Name = PC-CASA | Source = SRService | ID = 104
Description = Processo di inizializzazione di Ripristino configurazione di sistema
non riuscito.

Error - 02/12/2011 8.33.20 | Computer Name = PC-CASA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 02/12/2011 8.34.21 | Computer Name = PC-CASA | Source = Service Control Manager | ID = 7023
Description = Servizio Servizio Ripristino configurazione di sistema terminato con
l'errore: %%2

Error - 02/12/2011 8.34.21 | Computer Name = PC-CASA | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: EIO_XP
Fips
intelppm
Lbd
sptd


< End of report >
I sincerely hope i explained my problem clearly, and i want to thank in advance who will give me help....
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL, Quickscan and post the log.

Ron
  • 0

#3
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks Ron for giving me help! I followed all the steps and here are all the reports you needed:

ComboFix log


ComboFix 11-12-06.02 - daneelo 08/12/2011 13.56.23.8.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3071.2734 [GMT 1:00]
Eseguito da: c:\documents and settings\daneelo\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-08 al 2011-12-08 )))))))))))))))))))))))))))))))))))
.
.
2011-12-06 18:14 . 2004-08-03 22:08 17024 -c--a-w- c:\windows\system32\dllcache\usbohci.sys
2011-12-06 18:13 . 2001-08-30 22:07 386560 -c--a-w- c:\windows\system32\dllcache\sgiul50.dll
2011-12-06 18:12 . 2004-08-03 22:10 61056 -c--a-w- c:\windows\system32\dllcache\ohci1394.sys
2011-12-06 18:11 . 2004-08-03 22:10 15360 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2011-12-06 18:10 . 2001-08-30 22:07 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2011-12-06 18:09 . 2001-08-17 19:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-12-06 18:08 . 2001-08-30 22:07 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2011-12-06 18:07 . 2004-08-03 21:29 56623 -c--a-w- c:\windows\system32\dllcache\ati1btxx.sys
2011-12-05 18:09 . 2011-12-05 18:09 -------- d-----w- c:\documents and settings\Prova
2011-12-05 13:06 . 2011-12-05 13:06 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\Wise Registry Cleaner
2011-12-05 13:06 . 2011-12-05 13:06 -------- d-----w- c:\programmi\Wise Registry Cleaner
2011-12-04 17:17 . 2011-12-04 17:19 -------- d-----w- C:\494ec3e27223592feab5
2011-12-04 16:53 . 2011-12-04 17:14 -------- d-----w- C:\c24e2d462548d1c6bd8eca
2011-12-03 19:26 . 2011-12-03 21:18 475736 ----a-w- c:\windows\system32\drivers\7728380drv.sys
2011-12-03 19:26 . 2011-12-03 21:18 133208 ----a-w- c:\windows\system32\drivers\70436846.sys
2011-12-01 13:47 . 2011-12-01 13:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-11-28 20:01 . 2011-11-28 20:01 388096 ----a-r- c:\documents and settings\daneelo\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-28 19:17 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-21 20:31 . 2011-11-21 20:31 -------- d-----w- c:\programmi\The Treasures of Montezuma 3
2011-11-21 20:31 . 2011-11-21 20:31 -------- d-----w- c:\windows\The Treasures of Montezuma 3
2011-11-17 18:48 . 2011-11-21 20:30 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\JewelMatch2
2011-11-14 17:22 . 2011-11-14 17:22 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\BlamGames
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 04:50 . 2011-10-30 11:11 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-10-30 11:10 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-10-30 11:10 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-07-10 03:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-07-10 03:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-07-10 03:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-07-10 03:38 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-07-09 14:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2010-07-09 14:24 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2010-07-09 14:24 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2010-07-09 14:24 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-09 14:24 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-05-03 03:16 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-05-03 03:16 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2008-05-03 03:16 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-10-08 04:50 . 2008-05-03 03:16 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-10-08 04:50 . 2008-05-03 03:16 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-10-08 04:50 . 2008-05-03 03:16 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-10-08 04:50 . 2008-05-03 03:16 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-10-08 04:50 . 2008-05-03 03:16 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-10-08 04:50 . 2008-05-03 03:16 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2008-05-03 03:16 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-10-08 04:50 . 2008-05-03 03:16 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2008-05-03 03:16 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2008-05-03 03:16 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-11-08 19:17 . 2011-04-10 15:55 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^daneelo^Menu Avvio^Programmi^Esecuzione automatica^_uninst_70436846.lnk]
path=c:\documents and settings\daneelo\Menu Avvio\Programmi\Esecuzione automatica\_uninst_70436846.lnk
backup=c:\windows\pss\_uninst_70436846.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ6setup]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\programmi\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\programmi\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\programmi\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18 1185112 ----a-w- c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 13:39 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-22 16:38 221184 ----a-w- c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2004-08-25 09:26 1465856 ----a-w- c:\programmi\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-08-15 03:13 30003200 ----a-r- c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44 196608 ----a-w- c:\programmi\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\programmi\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\programmi\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 14:18 1955208 ----a-w- c:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\programmi\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-11-13 09:52 90112 ----a-w- c:\programmi\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9b90393db5e3c"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Diskeeper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Dnscache"=3 (0x3)
"Akamai"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gupdatem"=3 (0x3)
"FreemakeUtilsService"=2 (0x2)
"MBAMService"=2 (0x2)
"nvUpdatusService"=3 (0x3)
"NVSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Free Download Manager\\fdm.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\ICQ7.2\\ICQ.exe"=
"c:\\Programmi\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\daneelo\\Desktop\\TeamViewer.Full.5.0.7418\\TeamViewer Full 5.0.7418\\TeamViewer.exe"=
"c:\\Programmi\\BitTorrent\\BitTorrent.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\EasyPHP5.3.0\\apache\\bin\\apache.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [15/10/2010 12.22.23 436792]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [28/11/2011 20.17.23 22216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/02/2009 21.22.48 845184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 gupdate1c9b90393db5e3c;Servizio di Google Update (gupdate1c9b90393db5e3c);c:\programmi\Google\Update\GoogleUpdate.exe [09/04/2009 12.08.56 133104]
S4 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [09/04/2009 12.08.56 133104]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [15/08/2011 15.18.10 1361288]
S4 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [28/11/2011 20.17.26 366152]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [30/10/2011 12.12.18 2253120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 11:08]
.
2011-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 11:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://getii.com/dvds
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Scarica con Free Download Manager - file://c:\programmi\Free Download Manager\dllink.htm
IE: Scarica i video con Free Download Manager - file://c:\programmi\Free Download Manager\dlfvideo.htm
IE: Scarica selezionati con Free Download Manager - file://c:\programmi\Free Download Manager\dlselected.htm
IE: Scarica tutto con Free Download Manager - file://c:\programmi\Free Download Manager\dlall.htm
TCP: Interfaces\{CF34E6E9-CFCC-4318-B4FC-1D917AA6FB94}: NameServer = 212.216.112.222,212.216.172.162
FF - ProfilePath - c:\documents and settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Italia
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://127.0.0.1/, http://serpiredandblue.altervista.org/
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 14:06
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|₫»Ñw*]
"0140810900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140B10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140610900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(428)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2011-12-08 14:10:14
ComboFix-quarantined-files.txt 2011-12-08 13:10
.
Pre-Run: 43.387.142.144 byte disponibili
Post-Run: 43.373.625.344 byte disponibili
.
- - End Of File - - E90866F0B02EA35FC504B445546F24D0


TDSSKiller log



14:31:40.0468 0956 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
14:31:41.0031 0956 ============================================================
14:31:41.0031 0956 Current date / time: 2011/12/08 14:31:41.0031
14:31:41.0031 0956 SystemInfo:
14:31:41.0031 0956
14:31:41.0031 0956 OS Version: 5.1.2600 ServicePack: 2.0
14:31:41.0031 0956 Product type: Workstation
14:31:41.0031 0956 ComputerName: PC-CASA
14:31:41.0031 0956 UserName: daneelo
14:31:41.0031 0956 Windows directory: C:\WINDOWS
14:31:41.0031 0956 System windows directory: C:\WINDOWS
14:31:41.0031 0956 Processor architecture: Intel x86
14:31:41.0031 0956 Number of processors: 2
14:31:41.0031 0956 Page size: 0x1000
14:31:41.0031 0956 Boot type: Safe boot with network
14:31:41.0031 0956 ============================================================
14:31:42.0343 0956 Initialize success
14:31:47.0140 0732 ============================================================
14:31:47.0140 0732 Scan started
14:31:47.0140 0732 Mode: Manual;
14:31:47.0140 0732 ============================================================
14:31:48.0296 0732 Abiosdsk - ok
14:31:48.0406 0732 abp480n5 - ok
14:31:48.0609 0732 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:31:48.0609 0732 ACPI - ok
14:31:48.0781 0732 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:31:48.0781 0732 ACPIEC - ok
14:31:49.0015 0732 adpu160m - ok
14:31:49.0187 0732 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:31:49.0203 0732 aec - ok
14:31:49.0343 0732 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:31:49.0359 0732 AFD - ok
14:31:49.0468 0732 Aha154x - ok
14:31:49.0593 0732 aic78u2 - ok
14:31:49.0718 0732 aic78xx - ok
14:31:49.0843 0732 AliIde - ok
14:31:49.0937 0732 amsint - ok
14:31:50.0093 0732 asc - ok
14:31:50.0218 0732 asc3350p - ok
14:31:50.0359 0732 asc3550 - ok
14:31:50.0687 0732 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:31:50.0703 0732 AsyncMac - ok
14:31:50.0890 0732 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:31:50.0906 0732 atapi - ok
14:31:51.0046 0732 Atdisk - ok
14:31:51.0171 0732 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:31:51.0187 0732 Atmarpc - ok
14:31:51.0375 0732 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:31:51.0375 0732 audstub - ok
14:31:51.0562 0732 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:31:51.0562 0732 Beep - ok
14:31:51.0828 0732 catchme - ok
14:31:51.0984 0732 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:31:52.0015 0732 cbidf2k - ok
14:31:52.0187 0732 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:31:52.0203 0732 CCDECODE - ok
14:31:52.0343 0732 cd20xrnt - ok
14:31:52.0453 0732 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:31:52.0453 0732 Cdaudio - ok
14:31:52.0609 0732 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:31:52.0609 0732 Cdfs - ok
14:31:52.0796 0732 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:31:52.0812 0732 Cdrom - ok
14:31:52.0953 0732 Changer - ok
14:31:53.0156 0732 CmdIde - ok
14:31:53.0390 0732 Cpqarray - ok
14:31:53.0703 0732 dac2w2k - ok
14:31:53.0812 0732 dac960nt - ok
14:31:54.0218 0732 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:31:54.0218 0732 Disk - ok
14:31:54.0421 0732 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys
14:31:54.0484 0732 dmboot - ok
14:31:54.0656 0732 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys
14:31:54.0671 0732 dmio - ok
14:31:54.0812 0732 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:31:54.0812 0732 dmload - ok
14:31:55.0000 0732 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:31:55.0000 0732 DMusic - ok
14:31:55.0140 0732 dpti2o - ok
14:31:55.0281 0732 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:31:55.0296 0732 drmkaud - ok
14:31:55.0453 0732 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
14:31:55.0468 0732 EIO_XP - ok
14:31:55.0765 0732 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:31:55.0781 0732 Fastfat - ok
14:31:55.0937 0732 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:31:55.0953 0732 Fdc - ok
14:31:56.0078 0732 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys
14:31:56.0078 0732 Fips - ok
14:31:56.0250 0732 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:31:56.0265 0732 Flpydisk - ok
14:31:56.0421 0732 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:31:56.0453 0732 FltMgr - ok
14:31:56.0593 0732 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:31:56.0593 0732 Fs_Rec - ok
14:31:56.0781 0732 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:31:56.0781 0732 Ftdisk - ok
14:31:56.0953 0732 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:31:56.0953 0732 Gpc - ok
14:31:57.0156 0732 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
14:31:57.0156 0732 hamachi - ok
14:31:57.0453 0732 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:31:57.0453 0732 HDAudBus - ok
14:31:57.0640 0732 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:31:57.0656 0732 hidusb - ok
14:31:57.0781 0732 hpn - ok
14:31:57.0953 0732 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:31:57.0984 0732 HTTP - ok
14:31:58.0125 0732 i2omgmt - ok
14:31:58.0234 0732 i2omp - ok
14:31:58.0359 0732 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:31:58.0375 0732 i8042prt - ok
14:31:58.0515 0732 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:31:58.0531 0732 Imapi - ok
14:31:58.0671 0732 ini910u - ok
14:31:58.0843 0732 IntelIde - ok
14:31:59.0015 0732 intelppm (ebc07787034bbe312020d30198a9f362) C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:31:59.0015 0732 intelppm - ok
14:31:59.0140 0732 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:31:59.0140 0732 Ip6Fw - ok
14:31:59.0328 0732 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:31:59.0359 0732 IpFilterDriver - ok
14:31:59.0531 0732 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:31:59.0531 0732 IpInIp - ok
14:31:59.0703 0732 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:31:59.0718 0732 IpNat - ok
14:31:59.0875 0732 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:31:59.0875 0732 IPSec - ok
14:32:00.0062 0732 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:32:00.0062 0732 IRENUM - ok
14:32:00.0250 0732 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:32:00.0265 0732 isapnp - ok
14:32:00.0421 0732 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:32:00.0437 0732 Kbdclass - ok
14:32:00.0640 0732 kbdhid (24f4d51e89822c349044c28be255c8a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:32:00.0640 0732 kbdhid - ok
14:32:00.0812 0732 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:32:00.0859 0732 kmixer - ok
14:32:01.0015 0732 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
14:32:01.0031 0732 KSecDD - ok
14:32:01.0171 0732 lbrtfdc - ok
14:32:01.0375 0732 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
14:32:01.0390 0732 LVUSBSta - ok
14:32:01.0546 0732 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
14:32:01.0546 0732 MBAMProtector - ok
14:32:01.0828 0732 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:32:01.0828 0732 mnmdd - ok
14:32:02.0031 0732 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys
14:32:02.0031 0732 Modem - ok
14:32:02.0218 0732 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
14:32:02.0328 0732 monfilt - ok
14:32:02.0500 0732 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:32:02.0500 0732 Mouclass - ok
14:32:02.0640 0732 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:32:02.0656 0732 mouhid - ok
14:32:02.0828 0732 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:32:02.0843 0732 MountMgr - ok
14:32:02.0953 0732 mraid35x - ok
14:32:03.0125 0732 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:32:03.0140 0732 MRxDAV - ok
14:32:03.0328 0732 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:32:03.0375 0732 MRxSmb - ok
14:32:03.0687 0732 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:32:03.0687 0732 Msfs - ok
14:32:03.0875 0732 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:32:03.0890 0732 MSKSSRV - ok
14:32:04.0062 0732 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:32:04.0062 0732 MSPCLOCK - ok
14:32:04.0234 0732 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:32:04.0234 0732 MSPQM - ok
14:32:04.0406 0732 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:32:04.0406 0732 mssmbios - ok
14:32:04.0578 0732 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:32:04.0609 0732 MSTEE - ok
14:32:04.0781 0732 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
14:32:04.0781 0732 MTsensor - ok
14:32:04.0937 0732 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:32:04.0953 0732 Mup - ok
14:32:05.0109 0732 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:32:05.0140 0732 NABTSFEC - ok
14:32:05.0312 0732 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:32:05.0312 0732 NDIS - ok
14:32:05.0437 0732 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:32:05.0437 0732 NdisIP - ok
14:32:05.0562 0732 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:32:05.0562 0732 NdisTapi - ok
14:32:05.0718 0732 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:32:05.0718 0732 Ndisuio - ok
14:32:05.0875 0732 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:32:05.0890 0732 NdisWan - ok
14:32:06.0046 0732 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:32:06.0062 0732 NDProxy - ok
14:32:06.0187 0732 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:32:06.0187 0732 NetBIOS - ok
14:32:06.0359 0732 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:32:06.0375 0732 NetBT - ok
14:32:07.0046 0732 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:32:07.0046 0732 Npfs - ok
14:32:07.0218 0732 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:32:07.0250 0732 Ntfs - ok
14:32:07.0546 0732 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:32:07.0562 0732 Null - ok
14:32:08.0062 0732 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
14:32:08.0593 0732 nv - ok
14:32:08.0796 0732 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:32:08.0828 0732 NwlnkFlt - ok
14:32:09.0171 0732 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:32:09.0187 0732 NwlnkFwd - ok
14:32:09.0375 0732 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\drivers\Parport.sys
14:32:09.0375 0732 Parport - ok
14:32:09.0609 0732 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:32:09.0609 0732 PartMgr - ok
14:32:09.0875 0732 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
14:32:09.0890 0732 ParVdm - ok
14:32:10.0062 0732 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys
14:32:10.0078 0732 PCI - ok
14:32:10.0218 0732 PCIDump - ok
14:32:10.0375 0732 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:32:10.0406 0732 PCIIde - ok
14:32:10.0578 0732 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\drivers\Pcmcia.sys
14:32:10.0609 0732 Pcmcia - ok
14:32:10.0750 0732 PDCOMP - ok
14:32:10.0875 0732 PDFRAME - ok
14:32:11.0000 0732 PDRELI - ok
14:32:11.0125 0732 PDRFRAME - ok
14:32:11.0234 0732 perc2 - ok
14:32:11.0375 0732 perc2hib - ok
14:32:11.0812 0732 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
14:32:11.0859 0732 PID_0928 - ok
14:32:12.0281 0732 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:32:12.0281 0732 PptpMiniport - ok
14:32:12.0468 0732 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:32:12.0468 0732 PSched - ok
14:32:12.0609 0732 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:32:12.0625 0732 Ptilink - ok
14:32:12.0750 0732 ql1080 - ok
14:32:12.0890 0732 Ql10wnt - ok
14:32:13.0015 0732 ql12160 - ok
14:32:13.0281 0732 ql1240 - ok
14:32:13.0546 0732 ql1280 - ok
14:32:13.0750 0732 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:32:13.0750 0732 RasAcd - ok
14:32:13.0937 0732 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:32:13.0953 0732 Rasl2tp - ok
14:32:14.0140 0732 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:32:14.0140 0732 RasPppoe - ok
14:32:14.0296 0732 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:32:14.0296 0732 Raspti - ok
14:32:14.0468 0732 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:32:14.0484 0732 Rdbss - ok
14:32:14.0656 0732 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:32:14.0656 0732 RDPCDD - ok
14:32:14.0828 0732 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:32:14.0843 0732 rdpdr - ok
14:32:15.0031 0732 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:32:15.0031 0732 RDPWD - ok
14:32:15.0218 0732 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:32:15.0234 0732 redbook - ok
14:32:15.0546 0732 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:32:15.0562 0732 RTLE8023xp - ok
14:32:16.0109 0732 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:32:16.0140 0732 Secdrv - ok
14:32:16.0468 0732 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:32:16.0468 0732 serenum - ok
14:32:16.0640 0732 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\DRIVERS\serial.sys
14:32:16.0656 0732 Serial - ok
14:32:16.0984 0732 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:32:16.0984 0732 Sfloppy - ok
14:32:17.0156 0732 Simbad - ok
14:32:17.0312 0732 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:32:17.0312 0732 SLIP - ok
14:32:17.0515 0732 Sparrow - ok
14:32:17.0687 0732 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:32:17.0703 0732 splitter - ok
14:32:17.0937 0732 sptd (a199171385be17973fd800fa91f8f78a) C:\WINDOWS\system32\Drivers\sptd.sys
14:32:18.0015 0732 sptd - ok
14:32:18.0187 0732 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys
14:32:18.0187 0732 sr - ok
14:32:18.0359 0732 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:32:18.0375 0732 Srv - ok
14:32:18.0671 0732 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:32:18.0671 0732 streamip - ok
14:32:18.0859 0732 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:32:18.0875 0732 swenum - ok
14:32:19.0156 0732 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:32:19.0156 0732 swmidi - ok
14:32:19.0281 0732 symc810 - ok
14:32:19.0406 0732 symc8xx - ok
14:32:19.0531 0732 sym_hi - ok
14:32:19.0625 0732 sym_u3 - ok
14:32:19.0750 0732 SynasUSB - ok
14:32:19.0921 0732 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:32:19.0937 0732 sysaudio - ok
14:32:20.0140 0732 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:32:20.0171 0732 Tcpip - ok
14:32:20.0359 0732 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:32:20.0375 0732 TDPIPE - ok
14:32:20.0531 0732 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:32:20.0531 0732 TDTCP - ok
14:32:20.0687 0732 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:32:20.0687 0732 TermDD - ok
14:32:21.0156 0732 TosIde - ok
14:32:21.0421 0732 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:32:21.0421 0732 Udfs - ok
14:32:21.0562 0732 ultra - ok
14:32:21.0734 0732 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
14:32:21.0734 0732 Update - ok
14:32:22.0062 0732 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:32:22.0062 0732 usbccgp - ok
14:32:22.0218 0732 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:32:22.0218 0732 usbehci - ok
14:32:22.0390 0732 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:32:22.0390 0732 usbhub - ok
14:32:22.0546 0732 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:32:22.0546 0732 usbprint - ok
14:32:22.0734 0732 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:32:22.0781 0732 usbscan - ok
14:32:22.0968 0732 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:32:22.0984 0732 USBSTOR - ok
14:32:23.0125 0732 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:32:23.0125 0732 usbuhci - ok
14:32:23.0296 0732 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:32:23.0296 0732 VgaSave - ok
14:32:23.0531 0732 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys
14:32:23.0562 0732 VIAHdAudAddService - ok
14:32:23.0687 0732 ViaIde - ok
14:32:23.0812 0732 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:32:23.0812 0732 VolSnap - ok
14:32:24.0281 0732 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:32:24.0281 0732 Wanarp - ok
14:32:24.0421 0732 WDICA - ok
14:32:24.0562 0732 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:32:24.0578 0732 wdmaud - ok
14:32:25.0484 0732 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:32:25.0500 0732 WSTCODEC - ok
14:32:25.0671 0732 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:32:25.0687 0732 WudfPf - ok
14:32:25.0843 0732 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:32:25.0843 0732 WudfRd - ok
14:32:26.0171 0732 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
14:32:26.0312 0732 \Device\Harddisk0\DR0 - ok
14:32:26.0359 0732 Boot (0x1200) (5ef55b954e8a0acb00309d817c1bdd58) \Device\Harddisk0\DR0\Partition0
14:32:26.0375 0732 \Device\Harddisk0\DR0\Partition0 - ok
14:32:26.0390 0732 ============================================================
14:32:26.0390 0732 Scan finished
14:32:26.0390 0732 ============================================================
14:32:26.0406 0664 Detected object count: 0
14:32:26.0406 0664 Actual detected object count: 0
14:32:40.0359 2016 Deinitialize success


aswMBR log

Fix button was disabled


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 14:35:55
-----------------------------
14:35:55.781 OS Version: Windows 5.1.2600 Service Pack 2
14:35:55.781 Number of processors: 2 586 0x170A
14:35:55.781 ComputerName: PC-CASA UserName: daneelo
14:35:57.750 Initialize success
14:36:36.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
14:36:36.812 Disk 0 Vendor: MAXTOR_STM3160215AS 3.AAD Size: 152627MB BusType: 3
14:36:38.906 Disk 0 MBR read successfully
14:36:38.921 Disk 0 MBR scan
14:36:38.921 Disk 0 Windows XP default MBR code
14:36:38.937 Disk 0 scanning sectors +312560640
14:36:39.031 Disk 0 scanning C:\WINDOWS\system32\drivers
14:36:47.234 Service scanning
14:36:50.703 Modules scanning
14:37:02.515 Scan finished successfully
14:37:13.718 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\daneelo\Desktop\MBR.dat"
14:37:13.718 The log file has been saved successfully to "C:\Documents and Settings\daneelo\Desktop\aswMBR.txt"


Malwarebytes' Anti-Malware log

the first time the program was tryin to update after installation, somehing related to this software crashed and system alerted me; then the program opened and i updated it with no problems


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Versione database: 8333

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

08/12/2011 15.18.08
mbam-log-2011-12-08 (15-18-08).txt

Tipo di scansione: Scansione veloce
Elementi esaminati: 217990
Tempo impiegato: 4 minuti, 41 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 0

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
(Non sono stati rilevati elementi nocivi)


OTL log

OTL logfile created on: 08/12/2011 15.42.39 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\daneelo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 83,50% Memory free
7,24 Gb Paging File | 6,95 Gb Available in Paging File | 96,10% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 40,40 Gb Free Space | 27,11% Space Free | Partition Type: NTFS

Computer Name: PC-CASA | User Name: daneelo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\daneelo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\QWrite.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (nvUpdatusService) -- C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Programmi\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StarWindServiceAE) -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (SSScsiSV) -- C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Diskeeper) -- C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getii.com/dvds
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google Italia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:0.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8be51513-0433-45c1-9203-7b45019df871}:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.3
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2653012&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Programmi\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programmi\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/10/10 11.36.57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/08 20.17.22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/06/20 10.44.49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2011/08/26 16.39.18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins [2011/06/20 10.44.50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programmi\Veoh Networks\VeohWebPlayer\FFVideoFinder

[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions
[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions
[2010/03/26 14.12.46 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/03 16.07.10 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/13 18.56.55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/20 14.00.51 | 000,000,000 | ---D | M] (printpdf) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2011/04/08 13.26.34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2010/09/12 16.32.04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\conduit.xml
[2011/12/03 13.14.20 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\google-italia.xml
[2011/11/08 20.17.36 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 20.17.22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2010/11/12 18.53.06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 12.29.23 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2009/11/03 03.26.39 | 000,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2011/10/02 12.29.23 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/02 12.29.23 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/02 12.29.23 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/02 12.29.23 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/12/08 12.05.27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Scarica con Free Download Manager - C:\Programmi\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Scarica i video con Free Download Manager - C:\Programmi\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - C:\Programmi\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Scarica tutto con Free Download Manager - C:\Programmi\Free Download Manager\dlall.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF34E6E9-CFCC-4318-B4FC-1D917AA6FB94}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/19 21.02.28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 14.43.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/12/08 14.43.23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/08 14.12.59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/08 14.10.18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/08 13.54.40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/08 13.54.40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/08 13.54.40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/08 13.54.27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/08 13.53.21 | 004,331,784 | R--- | C] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/08 11.35.02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/06 19.15.48 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/12/06 19.15.48 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/12/06 19.15.46 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/12/06 19.15.45 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/12/06 19.15.27 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/12/06 19.15.27 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/12/06 19.15.23 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/12/06 19.15.18 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/12/06 19.15.10 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/12/06 19.15.10 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/12/06 19.15.10 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/12/06 19.15.08 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/12/06 19.15.07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/12/06 19.15.07 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/12/06 19.15.06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/12/06 19.15.03 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/12/06 19.15.02 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/12/06 19.15.01 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/12/06 19.15.01 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/12/06 19.14.57 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/12/06 19.14.54 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/12/06 19.14.53 | 000,216,576 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/12/06 19.14.53 | 000,212,480 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/12/06 19.14.48 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/12/06 19.14.48 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/12/06 19.14.48 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/12/06 19.14.48 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/12/06 19.14.48 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/12/06 19.14.47 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/12/06 19.14.43 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/12/06 19.14.42 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/12/06 19.14.42 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/12/06 19.14.41 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/12/06 19.14.40 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/12/06 19.14.40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/12/06 19.14.37 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/12/06 19.14.36 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/12/06 19.14.32 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/12/06 19.14.31 | 000,286,816 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/12/06 19.14.31 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/12/06 19.14.31 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/12/06 19.14.28 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/12/06 19.14.23 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/12/06 19.14.16 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/12/06 19.14.16 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/12/06 19.14.15 | 000,036,937 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/12/06 19.14.15 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/12/06 19.14.15 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/12/06 19.14.07 | 000,095,050 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/06 19.14.07 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/06 19.14.07 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/06 19.14.06 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/06 19.13.59 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/06 19.13.59 | 000,161,792 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/06 19.13.59 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/06 19.13.59 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/06 19.13.53 | 000,017,536 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/06 19.13.51 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/06 19.13.51 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/06 19.13.49 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/06 19.13.49 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/06 19.13.49 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/06 19.13.49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/06 19.13.48 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/06 19.13.48 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/06 19.13.48 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/06 19.13.48 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/06 19.13.48 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/06 19.13.46 | 000,083,456 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/06 19.13.46 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/06 19.13.45 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/06 19.13.45 | 000,025,088 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/06 19.13.42 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/06 19.13.40 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/06 19.13.39 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/06 19.13.38 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/06 19.13.28 | 000,899,754 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/06 19.13.28 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/06 19.13.23 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/06 19.13.23 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/06 19.13.23 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/06 19.13.21 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/06 19.13.10 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/06 19.13.09 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/06 19.13.08 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/06 19.13.08 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/06 19.13.02 | 000,054,826 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/06 19.13.02 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/06 19.13.01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/06 19.12.48 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/06 19.12.39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/06 19.12.39 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/06 19.12.37 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/06 19.12.33 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/06 19.12.33 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/06 19.12.31 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/06 19.12.31 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/06 19.12.31 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/06 19.12.30 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/06 19.12.30 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/06 19.12.30 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/06 19.12.29 | 000,076,544 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/06 19.12.29 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/06 19.12.29 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/06 19.12.29 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/06 19.12.29 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/06 19.12.02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/12/06 19.11.44 | 000,165,034 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/06 19.11.38 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/06 19.11.38 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/06 19.11.37 | 000,728,394 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/06 19.11.37 | 000,607,292 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/06 19.11.37 | 000,577,322 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/06 19.11.37 | 000,422,272 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/06 19.11.34 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/06 19.11.34 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/06 19.11.34 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/06 19.11.33 | 000,015,872 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/06 19.11.32 | 000,026,986 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/06 19.11.31 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/06 19.11.10 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/06 19.10.50 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/06 19.10.24 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/06 19.10.23 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/06 19.10.17 | 000,082,688 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/06 19.10.17 | 000,028,416 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/06 19.10.16 | 000,017,536 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/06 19.10.13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/06 19.10.07 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/06 19.10.07 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/06 19.10.05 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/06 19.10.04 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/06 19.10.04 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/06 19.10.02 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/06 19.09.57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/06 19.09.56 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/06 19.09.56 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/06 19.09.36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/06 19.09.33 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/06 19.09.30 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/06 19.09.29 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/06 19.09.29 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/06 19.09.28 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/06 19.09.28 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/06 19.09.28 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/06 19.09.26 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/06 19.09.22 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/06 19.09.21 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/06 19.09.20 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/06 19.09.13 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/06 19.09.12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/06 19.09.12 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/06 19.09.12 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/06 19.09.12 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/06 19.09.12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/06 19.09.12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/06 19.09.11 | 000,251,392 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/06 19.09.08 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/06 19.09.00 | 000,020,992 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/06 19.08.56 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/06 19.08.51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/06 19.08.50 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/06 19.08.50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/06 19.08.50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/06 19.08.50 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/06 19.08.49 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/06 19.08.48 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/06 19.08.48 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/06 19.08.48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/06 19.08.47 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/06 19.08.47 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/06 19.08.28 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/06 19.08.28 | 000,039,680 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/06 19.08.28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/06 19.08.28 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/06 19.08.28 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/06 19.08.28 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/06 19.08.28 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/06 19.08.27 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/06 19.08.26 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/06 19.08.26 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/06 19.08.26 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/06 19.08.26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/06 19.08.25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/06 19.08.25 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/06 19.08.25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/06 19.08.25 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/06 19.08.24 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/06 19.08.24 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/06 19.08.22 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/06 19.08.20 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/06 19.08.20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/06 19.08.20 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/06 19.08.20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/06 19.08.20 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/06 19.08.19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/06 19.08.19 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/06 19.07.58 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/06 19.07.53 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/06 19.07.40 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/06 19.07.39 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/06 19.07.37 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/06 19.07.37 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/06 19.07.37 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/06 19.07.36 | 000,061,952 | ---- | C] (Scanner piano a colori) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/06 19.07.30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/06 19.07.29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/06 19.07.28 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/06 19.07.28 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/12/06 19.07.28 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/05 14.06.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\Wise Registry Cleaner
[2011/12/05 14.06.21 | 000,000,000 | ---D | C] -- C:\Programmi\Wise Registry Cleaner
[2011/12/05 14.06.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Wise Registry Cleaner
[2011/12/04 18.17.46 | 000,000,000 | ---D | C] -- C:\494ec3e27223592feab5
[2011/12/04 17.53.45 | 000,000,000 | ---D | C] -- C:\c24e2d462548d1c6bd8eca
[2011/12/02 13.36.49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/01 18.10.44 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[2011/11/30 13.08.48 | 003,022,624 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\Procmon.exe
[2011/11/28 21.01.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\HiJackThis
[2011/11/28 18.52.21 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\procexp.exe
[2011/11/28 14.22.49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 13.26.00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daneelo\Recent
[2011/11/23 18.39.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Earth
[2011/11/21 21.31.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\Programmi\The Treasures of Montezuma 3
[2011/11/17 19.48.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2011/11/16 21.26.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\Alawar Games
[2011/11/14 18.22.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2011/11/10 12.29.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Documenti\Working Folder 0
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 15.39.44 | 000,085,955 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\diskmgmt.JPG
[2011/12/08 15.36.20 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 15.03.07 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 15.02.45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 14.43.28 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/08 14.37.13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\MBR.dat
[2011/12/08 13.53.40 | 004,331,784 | R--- | M] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/08 13.46.35 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/08 12.05.27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/05 14.06.21 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/12/04 15.15.28 | 000,000,307 | -HS- | M] () -- C:\boot.ini
[2011/12/02 20.39.43 | 000,756,952 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\sys97652.exe
[2011/12/02 20.35.08 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/12/02 13.36.50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/01 21.39.46 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/12/01 18.59.59 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 13.59.20 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/11/27 21.46.58 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 21.44.07 | 000,001,148 | -H-- | M] () -- C:\Documents and Settings\daneelo\Documenti\Default.rdp
[2011/11/23 13.14.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 21.31.32 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/11/09 13.15.34 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 15.39.44 | 000,085,955 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\diskmgmt.JPG
[2011/12/08 14.43.28 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/08 14.37.13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\MBR.dat
[2011/12/08 13.54.40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/08 13.54.40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/08 13.54.40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/08 13.54.40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/08 13.54.40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/06 19.15.48 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/12/06 19.15.47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/12/06 19.13.22 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/06 19.13.21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/06 19.13.02 | 000,044,361 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/06 19.12.07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/06 19.10.24 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/06 19.10.24 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/06 19.10.23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/06 19.10.23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/06 19.10.23 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/06 19.09.29 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/06 19.09.29 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/06 19.09.28 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/06 19.09.28 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/06 19.08.13 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/06 19.08.13 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/06 19.08.12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/06 19.08.11 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/06 19.08.10 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/06 19.08.10 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/06 19.08.10 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/06 19.08.10 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/06 19.08.10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/06 19.08.05 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/05 14.06.21 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/12/02 20.39.32 | 000,756,952 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\sys97652.exe
[2011/12/01 21.39.36 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/11/28 21.01.40 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/11/28 13.59.20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/21 21.31.32 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/10/30 12.10.04 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/13 11.53.25 | 001,689,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1482476501-1390067357-839522115-1003-0.dat
[2011/10/13 11.53.24 | 000,530,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2011/06/20 11.35.19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/01/22 12.30.36 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/12/02 01.21.55 | 000,020,682 | ---- | C] () -- C:\Documents and Settings\daneelo\Dati applicazioni\com.koingosw.AlarmClockPro.xml
[2010/10/03 17.52.33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/03 17.52.27 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/03 17.52.27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/11 19.55.13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/10 04.38.00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/21 20.32.27 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/03/21 20.32.04 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/03/01 20.09.29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\RfT_R.DAT
[2009/11/14 18.19.50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/07/13 14.08.09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/12 19.02.49 | 000,000,669 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/05 19.22.10 | 000,003,246 | ---- | C] () -- C:\WINDOWS\jsgkxz32.ini
[2009/04/10 16.05.47 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2009/03/13 13.24.18 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/24 13.31.06 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/02/23 15.13.12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/02/23 15.13.03 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/20 00.53.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/20 00.41.12 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 21.54.09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/19 21.50.52 | 002,588,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/19 21.19.23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/19 21.19.16 | 000,027,739 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/19 21.19.16 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/19 21.04.42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/19 20.58.49 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 15.18.20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\lwel-manifest.dll
[2008/05/03 04.16.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/01 22.10.20 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/02/08 17.03.43 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2004/08/19 14.52.50 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13.20.40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/15 23.54.04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/31 12.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 12.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/31 12.00.00 | 000,552,180 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2001/08/31 12.00.00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/31 12.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2001/08/31 12.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/31 12.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/31 12.00.00 | 000,103,538 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2001/08/31 12.00.00 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/31 12.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/31 12.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2001/08/31 12.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/31 12.00.00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/31 12.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/21 11.43.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alawar Stargaze
[2009/12/13 18.03.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AlawarWrapper
[2009/02/20 19.08.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
[2011/09/13 12.55.32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonEPP
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEPPEX2
[2011/09/13 13.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJMSetup
[2011/09/13 12.57.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJSetup000
[2011/09/13 13.05.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJWSpt
[2011/05/25 13.04.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Elephant Games
[2009/02/20 01.33.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\FreeDownloadManager.ORG
[2011/10/10 11.36.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Freemake
[2009/11/16 20.53.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Hagel Technologies
[2010/09/19 12.50.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
[2009/10/30 17.40.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
[2011/03/10 17.48.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MumboJumbo
[2009/05/10 23.38.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PaperlessPrinter Data
[2011/06/09 12.48.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlayPond
[2011/11/05 15.50.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2010/05/28 13.58.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SafeNet Sentinel
[2011/12/04 15.00.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Screentime
[2011/02/11 20.50.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
[2009/03/10 14.47.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Syncrosoft
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Top Evidence
[2009/08/12 12.19.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/13 14.04.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Acoustica
[2011/08/17 11.12.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Entertainment
[2011/08/21 11.43.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Stargaze
[2011/09/08 19.57.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artifex Mundi
[2009/04/24 23.18.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artisteer
[2011/06/05 12.27.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artogon
[2011/10/10 12.57.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\avidemux
[2011/03/07 13.40.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Azureus
[2011/01/08 19.52.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Big Fish Games
[2011/12/01 18.57.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BitTorrent
[2011/11/14 18.22.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2009/10/27 20.51.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blender Foundation
[2011/08/21 12.43.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blue Tea Games
[2011/07/13 15.12.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Boolat Games
[2011/09/13 13.39.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Canon
[2011/09/13 13.19.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CD-LabelPrint
[2009/05/03 18.12.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CoSoSys
[2011/03/17 13.00.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CursedOnboard
[2011/05/18 18.22.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DailyMagic
[2011/10/30 11.57.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DieselPuppet
[2011/06/02 12.09.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EleFun Games
[2011/02/20 17.22.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Elephant Games
[2009/04/10 16.18.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EPSON
[2011/04/09 16.29.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS G-Studio
[2011/10/14 18.36.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS Game Studios
[2011/11/09 22.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\FileZilla
[2010/09/11 14.47.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\fltk.org
[2011/04/10 13.55.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Free Download Manager
[2011/11/16 21.27.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Friday's games
[2011/08/21 16.42.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\GameInvest
[2011/06/20 11.35.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Ghost Ship Studios
[2011/09/19 12.00.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\gtk-2.0
[2010/12/18 21.21.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\HdO Adventure
[2011/01/25 20.25.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ICQ
[2010/10/18 10.36.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Icu2
[2011/11/21 21.30.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2010/01/11 17.21.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Leadertech
[2011/06/30 19.09.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\LestaStudio
[2010/09/19 12.51.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\MAGIX
[2011/01/12 13.34.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Namco
[2009/03/23 19.20.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Opera
[2010/01/30 20.45.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Orbit
[2011/03/07 13.56.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Phantasmat_bf_ce1
[2009/12/13 18.05.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Playrix Entertainment
[2009/03/09 20.28.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Steinberg
[2010/05/28 18.33.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\SynthEyes
[2010/07/17 19.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\TeamViewer
[2010/07/11 14.20.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Thunderbird
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Top Evidence
[2011/07/09 13.14.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VampireSagaHL
[2011/09/16 19.38.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vast Studios
[2011/07/21 11.55.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vogat Interactive
[2010/11/07 15.33.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VoipCheapCom
[2011/12/05 14.06.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Wise Registry Cleaner

========== Purity Check ==========



< End of report >


In the attachment there is the screengrab of the disk management.
I hope i've done everything in the right way...

Attached Thumbnails

  • diskmgmt.JPG

  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Uninstall:
Java™ 6 Update 23 -obsolete get latest at java.com
Adobe Flash Player 10 Plugin -obsolete get latest at adobe.com
Adobe Reader 9.4.6 - Italiano -obsolete get latest at adobe.com

BitTorrent -P2P dangerous
Free Download Manager 3.0 -not needed
Messenger Plus! 5 -untrustworthy
eMule -P2P dangerous
JDownloader 0.9 -not needed

First time I've ever seen sptd not raise a flag on both TDSSKiller and aswMBR so I don't trust it.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\sptd.sys

Driver::
sptd


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.

Run aswMBR.exe again
DO NOT uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Download

http://ad13.geekstogo.com/MBRCheck.exe

Save it and run it. It will produce a log MBRCheck(date).txt on your desktop. Copy and paste it into a reply.

Run OTL Quickscan and post the log.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe (This may not work in Italian. If it tells you it doesn't like Italian then go back into the event logs, System and right click and Clear All Events but this time answer Yes and save the log to your desktop as systemlog. Repeat for Applications but call it Applog. Zip up both files into one archive and attach them to the next post. Hopefully they aren't too big. Then skip down to Process Explorer.)

3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Ron
  • 0

#5
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hi Ron!...and sorry for my late reply, but i'm havin sone issue with some steps...
I've done everything you asked me to do, except sigverifand the scan with speccy, i explain the details:

I've runned sigverif both in normal than in safe boot, it started but got stuck during the "Creation of the file list" (i translated it from italian): it stands in that mode for a long time, and even if i click to stop it, it doesnt respond (i have to kill it via task manager).

In normal mode, i've downloaded Speccy and started the installation, but it got stuck, so i couldnt complete the installation; i rebooted in safe mode and this time the installation was ok but, naturally, if i start the program it cant give me any information about the system, since not all the drivers has been loaded; so i rebooted in normal mode and started Speccy, the program read all my system specifications, but now it's stucked in the reading of the graphic card. Now i'm typin from another pc, but in the Speccy windows (still tryin to finish the analysis), i see that the CPU temperature is 74C°, and the mainboard temperature is 76C° (i dont know if you use Celsius or Fahreneit scale, mine is Celsius).
Now i have to go back to work, but once i'm back i'll post the logs you asked me to do...
Thanx again for your help!
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Don't worry about sigverif then.

76 is too high. We normally look for about 50 or below on a laptop. 40 or below on a desktop.
The CPU knows when it is getting too hot and will slow down to a crawl in order to run cooler.

If a desktop: Turn it off but leave it plugged up to the wall outlet. Open the case and vacuum out all of the dust. A soft brush is helpful. Pay special attention to the heatsink over the CPU. You may need to remove the fan (usually four screws) and set it aside without disconnecting it. (Put the fan back when done.) With the case still open, turn on the PC. The fan for the CPU should start quickly and run strongly and quietly. If not then time for a new fan.

If it's a laptop:

Vacuum around the vents. Make sure the laptop is on a hard service and the vents are not blocked. Place a book under the back edge to tilt the laptop but make sure it doesn't block the vents. Consider investing in a laptop cooler tray. Sometimes that's not enough and you have to take them apart to clean the heatsink or replace the fan. Sometimes they are manufactured with a thermal pad between the CPU and the heatsink and that dries out over time. In that case you remove the heatsink and the thermal pad (discard the pad), clean the surfaces with a little alcohol then put a thin coat of Arctic Silver thermal paste or equivalent on the CPU and reinstall the heatsink.

With a laptop: See if you can get Speedfan to work:

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.

It will tell you your temps. If they seem hot (over 50) then check Automatic Fan Speed.
Leave it running and see if the temps drop. What it does on a laptop if it works is turn the fan on full which seems to help.

You can uninstall speccy.
  • 0

#7
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanx for your suggestions Ron! I opened my desktop and, in fact, the heatssink of the CPU was full of dust; so i had to remove it completely and blow air through it to clean the dust. I noticed the thermal paste...do i need to wipe it away and put a new one?
However, i turned on the pc, the fan is running good but the CPU consumption is still there. Here are the logs you asked me:

Combofix

ComboFix 11-12-08.01 - daneelo 08/12/2011 20.49.36.9.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.3071.2758 [GMT 1:00]
Eseguito da: c:\documents and settings\daneelo\Desktop\ComboFix.exe
Opzioni usate :: c:\documents and settings\daneelo\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\drivers\sptd.sys"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\CSC\d6
c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPTD
-------\Service_sptd
.
.
((((((((((((((((((((((((( Files Creati Da 2011-11-08 al 2011-12-08 )))))))))))))))))))))))))))))))))))
.
.
2011-12-08 13:43 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-06 18:09 . 2001-08-17 19:10 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2011-12-06 18:08 . 2001-08-30 22:07 170880 -c--a-w- c:\windows\system32\dllcache\cl546x.dll
2011-12-06 18:07 . 2004-08-03 21:29 56623 -c--a-w- c:\windows\system32\dllcache\ati1btxx.sys
2011-12-05 18:09 . 2011-12-05 18:09 -------- d-----w- c:\documents and settings\Prova
2011-12-05 13:06 . 2011-12-05 13:06 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\Wise Registry Cleaner
2011-12-05 13:06 . 2011-12-05 13:06 -------- d-----w- c:\programmi\Wise Registry Cleaner
2011-12-04 17:17 . 2011-12-04 17:19 -------- d-----w- C:\494ec3e27223592feab5
2011-12-04 16:53 . 2011-12-04 17:14 -------- d-----w- C:\c24e2d462548d1c6bd8eca
2011-11-28 20:01 . 2011-11-28 20:01 388096 ----a-r- c:\documents and settings\daneelo\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-21 20:31 . 2011-11-21 20:31 -------- d-----w- c:\programmi\The Treasures of Montezuma 3
2011-11-21 20:31 . 2011-11-21 20:31 -------- d-----w- c:\windows\The Treasures of Montezuma 3
2011-11-17 18:48 . 2011-11-21 20:30 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\JewelMatch2
2011-11-14 17:22 . 2011-11-14 17:22 -------- d-----w- c:\documents and settings\daneelo\Dati applicazioni\BlamGames
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-08 04:50 . 2011-10-30 11:11 602432 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-10-08 04:50 . 2011-10-30 11:10 919872 ----a-w- c:\windows\system32\nvdispco32.dll
2011-10-08 04:50 . 2011-10-30 11:10 877376 ----a-w- c:\windows\system32\nvgenco32.dll
2011-10-08 04:50 . 2010-07-10 03:38 65536 ----a-w- c:\windows\system32\OpenCL.dll
2011-10-08 04:50 . 2010-07-10 03:38 2398016 ----a-w- c:\windows\system32\nvcuvid.dll
2011-10-08 04:50 . 2010-07-10 03:38 2099520 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-10-08 04:50 . 2010-07-10 03:38 17240064 ----a-w- c:\windows\system32\nvcompiler.dll
2011-10-08 04:50 . 2010-07-09 14:24 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-10-08 04:50 . 2010-07-09 14:24 203072 ----a-w- c:\windows\system32\nvmctray.dll
2011-10-08 04:50 . 2010-07-09 14:24 298304 ----a-w- c:\windows\system32\nvsvc32.exe
2011-10-08 04:50 . 2010-07-09 14:24 220992 ----a-w- c:\windows\system32\nvcolor.exe
2011-10-08 04:50 . 2010-07-09 14:24 16744256 ----a-w- c:\windows\system32\nvcpl.dll
2011-10-08 04:50 . 2008-05-03 03:16 5595136 ----a-w- c:\windows\system32\nvcuda.dll
2011-10-08 04:50 . 2008-05-03 03:16 4226688 ----a-w- c:\windows\system32\nv4_disp.dll
2011-10-08 04:50 . 2008-05-03 03:16 335872 ----a-w- c:\windows\system32\nvrsar.dll
2011-10-08 04:50 . 2008-05-03 03:16 331776 ----a-w- c:\windows\system32\nvrshe.dll
2011-10-08 04:50 . 2008-05-03 03:16 286720 ----a-w- c:\windows\system32\nvrsfr.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrsit.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrses.dll
2011-10-08 04:50 . 2008-05-03 03:16 282624 ----a-w- c:\windows\system32\nvrsel.dll
2011-10-08 04:50 . 2008-05-03 03:16 278528 ----a-w- c:\windows\system32\nvrsde.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrspt.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrsnl.dll
2011-10-08 04:50 . 2008-05-03 03:16 274432 ----a-w- c:\windows\system32\nvrsesm.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsru.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsptb.dll
2011-10-08 04:50 . 2008-05-03 03:16 270336 ----a-w- c:\windows\system32\nvrsja.dll
2011-10-08 04:50 . 2008-05-03 03:16 266240 ----a-w- c:\windows\system32\nvrsko.dll
2011-10-08 04:50 . 2008-05-03 03:16 262144 ----a-w- c:\windows\system32\nvrshu.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrstr.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrssl.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrssk.dll
2011-10-08 04:50 . 2008-05-03 03:16 258048 ----a-w- c:\windows\system32\nvrspl.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsth.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrssv.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsno.dll
2011-10-08 04:50 . 2008-05-03 03:16 253952 ----a-w- c:\windows\system32\nvrsda.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrsfi.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrseng.dll
2011-10-08 04:50 . 2008-05-03 03:16 249856 ----a-w- c:\windows\system32\nvrscs.dll
2011-10-08 04:50 . 2008-05-03 03:16 2449408 ----a-w- c:\windows\system32\nvapi.dll
2011-10-08 04:50 . 2008-05-03 03:16 229376 ----a-w- c:\windows\system32\nvrszhc.dll
2011-10-08 04:50 . 2008-05-03 03:16 17956864 ----a-w- c:\windows\system32\nvoglnt.dll
2011-10-08 04:50 . 2008-05-03 03:16 12791488 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-10-08 04:50 . 2008-05-03 03:16 126976 ----a-w- c:\windows\system32\nvrszht.dll
2011-11-08 19:17 . 2011-04-10 15:55 134104 ----a-w- c:\programmi\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^daneelo^Menu Avvio^Programmi^Esecuzione automatica^_uninst_70436846.lnk]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ6setup]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\programmi\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-03-25 02:50 2516296 ----a-w- c:\programmi\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2010-04-02 08:18 1185112 ----a-w- c:\programmi\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-19 13:39 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
2005-11-22 16:38 221184 ----a-w- c:\programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\programmi\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
2004-08-25 09:26 1465856 ----a-w- c:\programmi\DU Meter\DUMeter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2008-08-15 03:13 30003200 ----a-r- c:\programmi\VIA\VIAudioi\HDADeck\HDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
2005-06-08 13:44 196608 ----a-w- c:\programmi\Logitech\Video\ManifestEngine.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2005-06-08 14:24 458752 ----a-w- c:\programmi\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2005-06-08 14:14 217088 ----a-w- c:\programmi\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-15 14:18 1955208 ----a-w- c:\programmi\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2005-07-19 16:32 221184 ----a-w- c:\windows\system32\LVCOMSX.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-08-31 16:00 449608 ----a-w- c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-10-08 04:50 16744256 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-10-08 04:50 203072 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2011-10-08 04:50 1632360 ----a-w- c:\programmi\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 07:27 17351304 ----a-r- c:\programmi\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\programmi\File comuni\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
2008-11-13 09:52 90112 ----a-w- c:\programmi\MAGIX\Movie_Edit_Pro_16_Plus_Download_Version\Trayserver.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9b90393db5e3c"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Diskeeper"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"FirebirdServerMAGIXInstance"=3 (0x3)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Dnscache"=3 (0x3)
"Akamai"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ose"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"Hamachi2Svc"=2 (0x2)
"gupdatem"=3 (0x3)
"FreemakeUtilsService"=2 (0x2)
"MBAMService"=2 (0x2)
"nvUpdatusService"=3 (0x3)
"NVSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Programmi\\ICQ7.2\\ICQ.exe"=
"c:\\Programmi\\ICQ7.2\\aolload.exe"=
"c:\\Documents and Settings\\daneelo\\Desktop\\TeamViewer.Full.5.0.7418\\TeamViewer Full 5.0.7418\\TeamViewer.exe"=
"c:\\Programmi\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\EasyPHP5.3.0\\apache\\bin\\apache.exe"=
"c:\\Programmi\\UltraVNC\\winvnc.exe"=
"c:\\Programmi\\UltraVNC\\vncviewer.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13.16.28 130384]
S2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [08/12/2011 14.43.28 366152]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [08/12/2011 14.43.23 22216]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\SynasUSB.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [19/02/2009 21.22.48 845184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13.16.28 753504]
S4 gupdate1c9b90393db5e3c;Servizio di Google Update (gupdate1c9b90393db5e3c);c:\programmi\Google\Update\GoogleUpdate.exe [09/04/2009 12.08.56 133104]
S4 gupdatem;Servizio Google Update (gupdatem);c:\programmi\Google\Update\GoogleUpdate.exe [09/04/2009 12.08.56 133104]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\programmi\LogMeIn Hamachi\hamachi-2.exe [15/08/2011 15.18.10 1361288]
S4 nvUpdatusService;NVIDIA Update Service Daemon;c:\programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [30/10/2011 12.12.18 2253120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-11-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 11:08]
.
2011-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-04-09 11:08]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://getii.com/dvds
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{CF34E6E9-CFCC-4318-B4FC-1D917AA6FB94}: NameServer = 212.216.112.222,212.216.172.162
FF - ProfilePath - c:\documents and settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google Italia
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2653012&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://127.0.0.1/, http://serpiredandblue.altervista.org/
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-RunOnce-MessengerPlusLiveUninstall - c:\docume~1\daneelo\IMPOST~1\Temp\MsgPlusUninstall.exe
MSConfigStartUp-Adobe ARM - c:\programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-08 20:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\•€|ÿÿÿÿ"•€|þ»Ñw*]
"0140810900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140B10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
"0140610900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(1996)
c:\windows\system32\WININET.dll
.
Ora fine scansione: 2011-12-08 21:05:05 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2011-12-08 20:05
.
Pre-Run: 43.560.255.488 byte disponibili
Post-Run: 43.476.242.432 byte disponibili
.
- - End Of File - - AD5CD1724C40CDDD1245A6C7D6E422DA

TDSSKiller

21:07:55.0796 1488 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
21:07:56.0296 1488 ============================================================
21:07:56.0296 1488 Current date / time: 2011/12/08 21:07:56.0296
21:07:56.0296 1488 SystemInfo:
21:07:56.0296 1488
21:07:56.0296 1488 OS Version: 5.1.2600 ServicePack: 2.0
21:07:56.0296 1488 Product type: Workstation
21:07:56.0296 1488 ComputerName: PC-CASA
21:07:56.0296 1488 UserName: daneelo
21:07:56.0312 1488 Windows directory: C:\WINDOWS
21:07:56.0312 1488 System windows directory: C:\WINDOWS
21:07:56.0312 1488 Processor architecture: Intel x86
21:07:56.0312 1488 Number of processors: 2
21:07:56.0312 1488 Page size: 0x1000
21:07:56.0312 1488 Boot type: Safe boot with network
21:07:56.0312 1488 ============================================================
21:07:57.0062 1488 Initialize success
21:08:25.0828 1264 ============================================================
21:08:25.0828 1264 Scan started
21:08:25.0828 1264 Mode: Manual; SigCheck; TDLFS;
21:08:25.0828 1264 ============================================================
21:08:27.0218 1264 Abiosdsk - ok
21:08:27.0328 1264 abp480n5 - ok
21:08:27.0500 1264 ACPI (ad825cb3397c837d1fb91d566d78de04) C:\WINDOWS\system32\DRIVERS\ACPI.sys
21:08:29.0578 1264 ACPI - ok
21:08:29.0734 1264 ACPIEC (49ac5cd87fbdda62f3e25190019e7627) C:\WINDOWS\system32\drivers\ACPIEC.sys
21:08:29.0859 1264 ACPIEC - ok
21:08:30.0000 1264 adpu160m - ok
21:08:30.0125 1264 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
21:08:30.0359 1264 aec - ok
21:08:30.0515 1264 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
21:08:30.0562 1264 AFD - ok
21:08:30.0671 1264 Aha154x - ok
21:08:30.0781 1264 aic78u2 - ok
21:08:30.0906 1264 aic78xx - ok
21:08:31.0031 1264 AliIde - ok
21:08:31.0156 1264 amsint - ok
21:08:31.0281 1264 asc - ok
21:08:31.0390 1264 asc3350p - ok
21:08:31.0484 1264 asc3550 - ok
21:08:31.0703 1264 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
21:08:31.0796 1264 AsyncMac - ok
21:08:31.0937 1264 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
21:08:32.0031 1264 atapi - ok
21:08:32.0140 1264 Atdisk - ok
21:08:32.0281 1264 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
21:08:32.0406 1264 Atmarpc - ok
21:08:32.0546 1264 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
21:08:32.0609 1264 audstub - ok
21:08:32.0750 1264 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
21:08:32.0890 1264 Beep - ok
21:08:32.0921 1264 catchme - ok
21:08:33.0062 1264 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
21:08:33.0187 1264 cbidf2k - ok
21:08:33.0343 1264 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
21:08:33.0421 1264 CCDECODE - ok
21:08:33.0546 1264 cd20xrnt - ok
21:08:33.0687 1264 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
21:08:33.0796 1264 Cdaudio - ok
21:08:33.0921 1264 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
21:08:34.0078 1264 Cdfs - ok
21:08:34.0234 1264 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
21:08:34.0328 1264 Cdrom - ok
21:08:34.0453 1264 Changer - ok
21:08:34.0625 1264 CmdIde - ok
21:08:34.0765 1264 Cpqarray - ok
21:08:34.0890 1264 dac2w2k - ok
21:08:35.0015 1264 dac960nt - ok
21:08:35.0187 1264 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
21:08:35.0265 1264 Disk - ok
21:08:35.0453 1264 dmboot (6570b4c952f0d8fee4c6ef2ff5e10c08) C:\WINDOWS\system32\drivers\dmboot.sys
21:08:35.0609 1264 dmboot - ok
21:08:35.0750 1264 dmio (c57d35621782c7f40770f3e5ca20a182) C:\WINDOWS\system32\drivers\dmio.sys
21:08:35.0875 1264 dmio - ok
21:08:36.0015 1264 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
21:08:36.0125 1264 dmload - ok
21:08:36.0281 1264 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
21:08:36.0406 1264 DMusic - ok
21:08:36.0546 1264 dpti2o - ok
21:08:36.0671 1264 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
21:08:36.0781 1264 drmkaud - ok
21:08:36.0953 1264 EIO_XP (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO_XP.sys
21:08:36.0968 1264 EIO_XP ( UnsignedFile.Multi.Generic ) - warning
21:08:36.0968 1264 EIO_XP - detected UnsignedFile.Multi.Generic (1)
21:08:37.0140 1264 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
21:08:37.0281 1264 Fastfat - ok
21:08:37.0437 1264 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
21:08:37.0531 1264 Fdc - ok
21:08:37.0703 1264 Fips (333fbbc71bdcbb46c58a3b51b3d51184) C:\WINDOWS\system32\drivers\Fips.sys
21:08:37.0859 1264 Fips - ok
21:08:38.0015 1264 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
21:08:38.0125 1264 Flpydisk - ok
21:08:38.0281 1264 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
21:08:38.0515 1264 FltMgr - ok
21:08:38.0671 1264 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
21:08:38.0796 1264 Fs_Rec - ok
21:08:38.0953 1264 Ftdisk (f3269a6ee547ea87b949a1cea4816b38) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
21:08:39.0062 1264 Ftdisk - ok
21:08:39.0234 1264 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
21:08:39.0312 1264 Gpc - ok
21:08:39.0515 1264 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
21:08:39.0562 1264 hamachi - ok
21:08:39.0750 1264 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
21:08:39.0796 1264 HDAudBus - ok
21:08:39.0984 1264 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
21:08:40.0062 1264 hidusb - ok
21:08:40.0187 1264 hpn - ok
21:08:40.0328 1264 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
21:08:40.0406 1264 HTTP - ok
21:08:40.0531 1264 i2omgmt - ok
21:08:40.0640 1264 i2omp - ok
21:08:40.0765 1264 i8042prt (30e64dfa4efaacc8142ea07766181fb4) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
21:08:40.0890 1264 i8042prt - ok
21:08:41.0062 1264 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
21:08:41.0171 1264 Imapi - ok
21:08:41.0312 1264 ini910u - ok
21:08:41.0453 1264 IntelIde - ok
21:08:41.0609 1264 intelppm (ebc07787034bbe312020d30198a9f362) C:\WINDOWS\system32\DRIVERS\intelppm.sys
21:08:41.0703 1264 intelppm - ok
21:08:41.0890 1264 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
21:08:41.0968 1264 Ip6Fw - ok
21:08:42.0140 1264 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
21:08:42.0250 1264 IpFilterDriver - ok
21:08:42.0421 1264 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
21:08:42.0718 1264 IpInIp - ok
21:08:42.0906 1264 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
21:08:43.0562 1264 IpNat - ok
21:08:43.0718 1264 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
21:08:44.0078 1264 IPSec - ok
21:08:44.0265 1264 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
21:08:44.0406 1264 IRENUM - ok
21:08:44.0593 1264 isapnp (ea3245a8e8758d6b84de189a5caaa75e) C:\WINDOWS\system32\DRIVERS\isapnp.sys
21:08:44.0734 1264 isapnp - ok
21:08:44.0890 1264 Kbdclass (e883ae6ea0b313e659225aa32e449ce9) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
21:08:45.0125 1264 Kbdclass - ok
21:08:45.0281 1264 kbdhid (24f4d51e89822c349044c28be255c8a5) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
21:08:45.0437 1264 kbdhid - ok
21:08:45.0609 1264 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
21:08:46.0312 1264 kmixer - ok
21:08:46.0484 1264 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
21:08:46.0578 1264 KSecDD - ok
21:08:46.0812 1264 lbrtfdc - ok
21:08:47.0390 1264 LVUSBSta (c5efbd05a5195402121711a6ebbb271f) C:\WINDOWS\system32\drivers\lvusbsta.sys
21:08:47.0531 1264 LVUSBSta - ok
21:08:47.0656 1264 MBAMProtector (69a6268d7f81e53d568ab4e7e991caf3) C:\WINDOWS\system32\drivers\mbam.sys
21:08:47.0750 1264 MBAMProtector - ok
21:08:47.0937 1264 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
21:08:48.0109 1264 mnmdd - ok
21:08:48.0281 1264 Modem (b30d2db351e3191bd71232036cfe711a) C:\WINDOWS\system32\drivers\Modem.sys
21:08:48.0671 1264 Modem - ok
21:08:48.0859 1264 monfilt (9fa7207d1b1adead88ae8eed9cdbbaa5) C:\WINDOWS\system32\drivers\monfilt.sys
21:08:49.0265 1264 monfilt - ok
21:08:49.0421 1264 Mouclass (c458e314b8722253897c94a714c2e0c0) C:\WINDOWS\system32\DRIVERS\mouclass.sys
21:08:49.0656 1264 Mouclass - ok
21:08:49.0828 1264 mouhid (d7662f0cf5b77bbbe3202716f5bd5318) C:\WINDOWS\system32\DRIVERS\mouhid.sys
21:08:50.0171 1264 mouhid - ok
21:08:50.0343 1264 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
21:08:50.0656 1264 MountMgr - ok
21:08:50.0796 1264 mraid35x - ok
21:08:50.0968 1264 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
21:08:51.0718 1264 MRxDAV - ok
21:08:51.0906 1264 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
21:08:52.0031 1264 MRxSmb - ok
21:08:52.0250 1264 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
21:08:52.0531 1264 Msfs - ok
21:08:52.0718 1264 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
21:08:52.0968 1264 MSKSSRV - ok
21:08:53.0109 1264 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
21:08:53.0546 1264 MSPCLOCK - ok
21:08:53.0703 1264 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
21:08:53.0890 1264 MSPQM - ok
21:08:54.0046 1264 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
21:08:54.0203 1264 mssmbios - ok
21:08:54.0375 1264 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
21:08:54.0718 1264 MSTEE - ok
21:08:54.0890 1264 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
21:08:54.0968 1264 MTsensor - ok
21:08:55.0125 1264 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
21:08:55.0343 1264 Mup - ok
21:08:55.0515 1264 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
21:08:55.0687 1264 NABTSFEC - ok
21:08:55.0859 1264 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
21:08:56.0343 1264 NDIS - ok
21:08:56.0515 1264 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
21:08:56.0734 1264 NdisIP - ok
21:08:56.0921 1264 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
21:08:57.0140 1264 NdisTapi - ok
21:08:57.0296 1264 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
21:08:57.0468 1264 Ndisuio - ok
21:08:57.0625 1264 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
21:08:57.0968 1264 NdisWan - ok
21:08:58.0125 1264 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
21:08:58.0437 1264 NDProxy - ok
21:08:58.0578 1264 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
21:08:58.0953 1264 NetBIOS - ok
21:08:59.0109 1264 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
21:08:59.0531 1264 NetBT - ok
21:08:59.0921 1264 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
21:09:00.0265 1264 Npfs - ok
21:09:00.0421 1264 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
21:09:00.0921 1264 Ntfs - ok
21:09:01.0078 1264 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
21:09:01.0281 1264 Null - ok
21:09:01.0671 1264 nv (4b54dcd6adee535df80f07c59ddd8f14) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
21:09:02.0500 1264 nv - ok
21:09:02.0812 1264 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
21:09:03.0312 1264 NwlnkFlt - ok
21:09:03.0484 1264 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
21:09:03.0609 1264 NwlnkFwd - ok
21:09:03.0859 1264 Parport (3490ead0612bfd0e7c1b864ee24e6a4a) C:\WINDOWS\system32\drivers\Parport.sys
21:09:04.0015 1264 Parport - ok
21:09:04.0171 1264 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
21:09:04.0359 1264 PartMgr - ok
21:09:04.0578 1264 ParVdm (0dabef655a444cb1e193626fb1d24b9f) C:\WINDOWS\system32\drivers\ParVdm.sys
21:09:04.0890 1264 ParVdm - ok
21:09:05.0062 1264 PCI (91fc1d483d900b1c0600a08b871c39d5) C:\WINDOWS\system32\DRIVERS\pci.sys
21:09:05.0250 1264 PCI - ok
21:09:05.0390 1264 PCIDump - ok
21:09:05.0546 1264 PCIIde (b2df00d650fd6c4ee781740ed3c8e67f) C:\WINDOWS\system32\DRIVERS\pciide.sys
21:09:05.0671 1264 PCIIde - ok
21:09:05.0828 1264 Pcmcia (28f3538a2091993a03506311a05053e8) C:\WINDOWS\system32\drivers\Pcmcia.sys
21:09:05.0984 1264 Pcmcia - ok
21:09:06.0093 1264 PDCOMP - ok
21:09:06.0234 1264 PDFRAME - ok
21:09:06.0359 1264 PDRELI - ok
21:09:06.0484 1264 PDRFRAME - ok
21:09:06.0625 1264 perc2 - ok
21:09:06.0750 1264 perc2hib - ok
21:09:07.0046 1264 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
21:09:07.0265 1264 PID_0928 - ok
21:09:07.0468 1264 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
21:09:07.0656 1264 PptpMiniport - ok
21:09:07.0843 1264 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
21:09:08.0046 1264 PSched - ok
21:09:08.0203 1264 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
21:09:08.0578 1264 Ptilink - ok
21:09:08.0734 1264 ql1080 - ok
21:09:08.0984 1264 Ql10wnt - ok
21:09:09.0109 1264 ql12160 - ok
21:09:09.0250 1264 ql1240 - ok
21:09:09.0359 1264 ql1280 - ok
21:09:09.0578 1264 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
21:09:09.0859 1264 RasAcd - ok
21:09:10.0250 1264 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
21:09:10.0546 1264 Rasl2tp - ok
21:09:10.0718 1264 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
21:09:11.0093 1264 RasPppoe - ok
21:09:11.0234 1264 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
21:09:11.0500 1264 Raspti - ok
21:09:11.0671 1264 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
21:09:12.0375 1264 Rdbss - ok
21:09:12.0515 1264 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
21:09:12.0765 1264 RDPCDD - ok
21:09:12.0937 1264 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
21:09:13.0109 1264 rdpdr - ok
21:09:13.0296 1264 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
21:09:13.0953 1264 RDPWD - ok
21:09:14.0171 1264 redbook (a8eee004a16af1d583d9de9f6de250e0) C:\WINDOWS\system32\DRIVERS\redbook.sys
21:09:14.0406 1264 redbook - ok
21:09:14.0875 1264 RTLE8023xp (b52b25f41bf3511071a0e7d10d659c56) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
21:09:14.0984 1264 RTLE8023xp - ok
21:09:15.0296 1264 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
21:09:15.0531 1264 Secdrv - ok
21:09:15.0734 1264 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
21:09:16.0015 1264 serenum - ok
21:09:16.0187 1264 Serial (dbab3260e7eb3398cb87267d1410fad4) C:\WINDOWS\system32\DRIVERS\serial.sys
21:09:16.0687 1264 Serial - ok
21:09:16.0921 1264 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
21:09:17.0078 1264 Sfloppy - ok
21:09:17.0421 1264 Simbad - ok
21:09:17.0578 1264 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
21:09:18.0343 1264 SLIP - ok
21:09:18.0515 1264 Sparrow - ok
21:09:18.0687 1264 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
21:09:19.0171 1264 splitter - ok
21:09:19.0343 1264 sr (896f566afc498077172eae8a50e8baf8) C:\WINDOWS\system32\DRIVERS\sr.sys
21:09:19.0484 1264 sr - ok
21:09:19.0671 1264 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
21:09:19.0859 1264 Srv - ok
21:09:20.0078 1264 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
21:09:20.0390 1264 streamip - ok
21:09:20.0546 1264 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
21:09:20.0984 1264 swenum - ok
21:09:21.0140 1264 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
21:09:21.0250 1264 swmidi - ok
21:09:21.0453 1264 symc810 - ok
21:09:21.0578 1264 symc8xx - ok
21:09:21.0718 1264 sym_hi - ok
21:09:21.0859 1264 sym_u3 - ok
21:09:21.0968 1264 SynasUSB - ok
21:09:22.0140 1264 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
21:09:22.0375 1264 sysaudio - ok
21:09:22.0593 1264 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
21:09:22.0750 1264 Tcpip - ok
21:09:22.0906 1264 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
21:09:23.0078 1264 TDPIPE - ok
21:09:23.0218 1264 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
21:09:23.0687 1264 TDTCP - ok
21:09:23.0843 1264 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
21:09:24.0343 1264 TermDD - ok
21:09:24.0531 1264 TosIde - ok
21:09:24.0703 1264 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
21:09:25.0015 1264 Udfs - ok
21:09:25.0125 1264 ultra - ok
21:09:25.0296 1264 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
21:09:25.0890 1264 Update - ok
21:09:26.0046 1264 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
21:09:26.0296 1264 usbccgp - ok
21:09:26.0437 1264 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
21:09:26.0593 1264 usbehci - ok
21:09:26.0718 1264 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
21:09:26.0937 1264 usbhub - ok
21:09:27.0078 1264 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
21:09:27.0296 1264 usbprint - ok
21:09:27.0453 1264 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
21:09:27.0562 1264 usbscan - ok
21:09:27.0734 1264 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
21:09:27.0890 1264 USBSTOR - ok
21:09:28.0093 1264 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
21:09:28.0562 1264 usbuhci - ok
21:09:28.0734 1264 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
21:09:29.0031 1264 VgaSave - ok
21:09:29.0218 1264 VIAHdAudAddService (51b24990850076f659d1d1daefbed6f1) C:\WINDOWS\system32\drivers\viahduaa.sys
21:09:29.0328 1264 VIAHdAudAddService - ok
21:09:29.0453 1264 ViaIde - ok
21:09:29.0625 1264 VolSnap (698869e82c57169f2140c04a272bf12b) C:\WINDOWS\system32\drivers\VolSnap.sys
21:09:29.0781 1264 VolSnap - ok
21:09:30.0093 1264 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
21:09:30.0312 1264 Wanarp - ok
21:09:30.0421 1264 WDICA - ok
21:09:30.0593 1264 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
21:09:31.0328 1264 wdmaud - ok
21:09:32.0437 1264 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
21:09:32.0671 1264 WSTCODEC - ok
21:09:32.0859 1264 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
21:09:32.0953 1264 WudfPf - ok
21:09:33.0109 1264 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
21:09:33.0218 1264 WudfRd - ok
21:09:33.0656 1264 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
21:09:33.0875 1264 \Device\Harddisk0\DR0 - ok
21:09:33.0921 1264 Boot (0x1200) (5ef55b954e8a0acb00309d817c1bdd58) \Device\Harddisk0\DR0\Partition0
21:09:33.0921 1264 \Device\Harddisk0\DR0\Partition0 - ok
21:09:33.0921 1264 ============================================================
21:09:33.0921 1264 Scan finished
21:09:33.0921 1264 ============================================================
21:09:34.0062 1292 Detected object count: 1
21:09:34.0062 1292 Actual detected object count: 1
21:10:09.0078 1292 EIO_XP ( UnsignedFile.Multi.Generic ) - skipped by user
21:10:09.0078 1292 EIO_XP ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:10:37.0140 1548 Deinitialize success

aswMBR

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-08 21:12:42
-----------------------------
21:12:42.828 OS Version: Windows 5.1.2600 Service Pack 2
21:12:42.828 Number of processors: 2 586 0x170A
21:12:42.828 ComputerName: PC-CASA UserName: daneelo
21:12:44.875 Initialize success
21:13:02.828 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-16
21:13:02.828 Disk 0 Vendor: MAXTOR_STM3160215AS 3.AAD Size: 152627MB BusType: 3
21:13:04.859 Disk 0 MBR read successfully
21:13:04.859 Disk 0 MBR scan
21:13:04.875 Disk 0 Windows XP default MBR code
21:13:04.890 Disk 0 scanning sectors +312560640
21:13:04.968 Disk 0 scanning C:\WINDOWS\system32\drivers
21:13:12.515 Service scanning
21:13:15.546 Modules scanning
21:13:24.000 Disk 0 trace - called modules:
21:13:24.031 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:13:24.031 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8af92ab8]
21:13:24.046 3 CLASSPNP.SYS[b80e905b] -> nt!IofCallDriver -> \Device\00000067[0x8afa5990]
21:13:24.062 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-16[0x8af94940]
21:13:24.062 Scan finished successfully
21:13:43.093 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\daneelo\Desktop\Nuova cartella\MBR.dat"
21:13:43.140 The log file has been saved successfully to "C:\Documents and Settings\daneelo\Desktop\Nuova cartella\aswMBR.txt"


MBRCheck

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x00000025

Kernel Drivers (total 98):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E3000 \WINDOWS\system32\hal.dll
0xB85A8000 \WINDOWS\system32\KDCOM.DLL
0xB84B8000 \WINDOWS\system32\BOOTVID.dll
0xB7F79000 ACPI.sys
0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB80A8000 isapnp.sys
0xB7F68000 pci.sys
0xB8670000 pciide.sys
0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xB80B8000 MountMgr.sys
0xB7F49000 ftdisk.sys
0xB85AC000 dmload.sys
0xB7F23000 dmio.sys
0xB8330000 PartMgr.sys
0xB80C8000 VolSnap.sys
0xB7F0B000 atapi.sys
0xB80D8000 disk.sys
0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB7EEB000 fltMgr.sys
0xB7ED9000 sr.sys
0xB7EC2000 KSecDD.sys
0xB7E35000 Ntfs.sys
0xB7E08000 NDIS.sys
0xB80F8000 Combo-Fix.sys
0xB7DED000 Mup.sys
0xB8380000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB7D82000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xB8388000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB7D5D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8148000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB8158000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB8168000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB7D3A000 \SystemRoot\system32\DRIVERS\ks.sys
0xB7D1F000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xB83A8000 \SystemRoot\system32\DRIVERS\fdc.sys
0xB85B0000 \SystemRoot\system32\DRIVERS\ASACPI.sys
0xB8178000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB854C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB7D08000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB8188000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB8198000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xB83C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB7CF7000 \SystemRoot\system32\DRIVERS\psched.sys
0xB81A8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB83D8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xB83E8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB83F8000 \SystemRoot\system32\DRIVERS\hamachi.sys
0xB7CC6000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB81B8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB8400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xB8408000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB85B6000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB7C6D000 \SystemRoot\system32\DRIVERS\update.sys
0xB8570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB81C8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB85BA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB81D8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB8418000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xB85C2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xB8778000 \SystemRoot\System32\Drivers\Null.SYS
0xB85C6000 \SystemRoot\System32\Drivers\Beep.SYS
0xB8430000 \SystemRoot\System32\drivers\vga.sys
0xB7B69000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xB85CA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xB8440000 \SystemRoot\System32\Drivers\Msfs.SYS
0xB8450000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB7DBD000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB7B36000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xB7ADE000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB7ABD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xB7A95000 \SystemRoot\system32\DRIVERS\netbt.sys
0xB7A73000 \SystemRoot\System32\drivers\afd.sys
0xB81F8000 \SystemRoot\system32\DRIVERS\netbios.sys
0xB7A48000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB79D9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB8470000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB7C65000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xB8218000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB8480000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xB7C61000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB7C59000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xB8228000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB7999000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xB85D4000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB7C3D000 \SystemRoot\System32\drivers\Dxapi.sys
0xB84A0000 \SystemRoot\System32\watchdog.sys
0xBD000000 \SystemRoot\System32\drivers\dxg.sys
0xB86DC000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF70000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB767D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB73FA000 \SystemRoot\system32\DRIVERS\srv.sys
0xB7297000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB83F0000 \??\C:\ComboFix\catchme.sys
0xB71F7000 \??\C:\DOCUME~1\daneelo\IMPOST~1\Temp\aswMBR.sys
0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 13):
0 System Idle Process
4 System
636 C:\WINDOWS\system32\smss.exe
692 csrss.exe
756 C:\WINDOWS\system32\winlogon.exe
808 C:\WINDOWS\system32\services.exe
820 C:\WINDOWS\system32\lsass.exe
972 C:\WINDOWS\system32\svchost.exe
1068 svchost.exe
1428 C:\WINDOWS\system32\svchost.exe
1576 svchost.exe
1996 C:\WINDOWS\explorer.exe
1964 C:\Documents and Settings\daneelo\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: MAXTORSTM3160215AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

OTL

OTL logfile created on: 08/12/2011 21.16.13 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\daneelo\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 88,70% Memory free
7,24 Gb Paging File | 7,14 Gb Available in Paging File | 98,65% Paging File free
Paging file location(s): C:\pagefile.sys 4500 9000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 149,04 Gb Total Space | 40,51 Gb Free Space | 27,18% Space Free | Partition Type: NTFS

Computer Name: PC-CASA | User Name: daneelo | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\daneelo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\NVIDIA Corporation\nView\nvShell.dll ()
MOD - C:\Programmi\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service) -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (nvUpdatusService) -- C:\Programmi\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Hamachi2Svc) -- C:\Programmi\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (StarWindServiceAE) -- C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (SSScsiSV) -- C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe ()
SRV - (Diskeeper) -- C:\Programmi\Diskeeper Corporation\Diskeeper\DkService.exe (Diskeeper Corporation)
SRV - (IDriverT) -- C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (EIO_XP) -- C:\WINDOWS\system32\drivers\EIO_XP.sys (ASUSTeK Computer Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_0928) Logitech QuickCam Express(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Logitech Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://getii.com/dvds
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Search-Results"
FF - prefs.js..browser.search.defaultenginename: "Search-Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search-Results"
FF - prefs.js..browser.search.selectedEngine: "Google Italia"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.it/"
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.4
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.45.6.20100202.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: [email protected]:0.76
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {8be51513-0433-45c1-9203-7b45019df871}:1.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.3.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..extensions.enabledItems: {86FA6F53-95FE-7A69-D8C3-E1454281F8B6}:3.5.3
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.20100123
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2653012&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programmi\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programmi\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Programmi\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programmi\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohTVPlugin: C:\Programmi\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohWebPlayer: C:\Programmi\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Programmi\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/10/10 11.36.57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2011/11/08 20.17.22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2011/06/20 10.44.49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programmi\Mozilla Thunderbird\components [2011/08/26 16.39.18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programmi\Mozilla Thunderbird\plugins [2011/06/20 10.44.50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Programmi\Veoh Networks\VeohWebPlayer\FFVideoFinder

[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions
[2010/07/11 14.20.45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions
[2010/03/26 14.12.46 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/02/03 16.07.10 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
[2011/11/30 12.27.27 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011/11/13 18.56.55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/10/20 14.00.51 | 000,000,000 | ---D | M] (printpdf) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2011/04/08 13.26.34 | 000,000,000 | ---D | M] (QuickDrag) -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\extensions\[email protected]
[2010/09/12 16.32.04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\conduit.xml
[2011/12/03 13.14.20 | 000,002,452 | ---- | M] () -- C:\Documents and Settings\daneelo\Dati applicazioni\Mozilla\Firefox\Profiles\auw417bx.default\searchplugins\google-italia.xml
[2011/11/08 20.17.36 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DANEELO\DATI APPLICAZIONI\MOZILLA\FIREFOX\PROFILES\AUW417BX.DEFAULT\EXTENSIONS\[email protected]
[2011/11/08 20.17.22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programmi\mozilla firefox\components\browsercomps.dll
[2010/11/12 18.53.06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/02 12.29.23 | 000,002,252 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\bing.xml
[2009/11/03 03.26.39 | 000,001,412 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\demauro.xml
[2011/10/02 12.29.23 | 000,000,744 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\eBay-it.xml
[2011/10/02 12.29.23 | 000,000,825 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\hoepli.xml
[2011/10/02 12.29.23 | 000,001,182 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\wikipedia-it.xml
[2011/10/02 12.29.23 | 000,000,953 | ---- | M] () -- C:\Programmi\mozilla firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2011/12/08 20.59.01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programmi\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programmi\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF34E6E9-CFCC-4318-B4FC-1D917AA6FB94}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/19 21.02.28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/08 21.11.19 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/08 21.06.08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Desktop\Nuova cartella
[2011/12/08 21.05.09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/12/08 20.33.19 | 002,200,376 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\daneelo\Desktop\CCleaner.exe
[2011/12/08 14.43.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2011/12/08 14.43.23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/08 13.54.40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/08 13.54.40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/08 13.54.40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/08 13.54.27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/08 13.53.21 | 004,331,207 | R--- | C] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/08 11.35.02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/06 19.15.48 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/12/06 19.15.48 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/12/06 19.15.46 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/12/06 19.15.45 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/12/06 19.15.27 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/12/06 19.15.27 | 000,035,402 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/12/06 19.15.23 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/12/06 19.15.18 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/12/06 19.15.10 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/12/06 19.15.10 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/12/06 19.15.10 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/12/06 19.15.08 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/12/06 19.15.07 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/12/06 19.15.07 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/12/06 19.15.06 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/12/06 19.15.03 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/12/06 19.15.02 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/12/06 19.15.01 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/12/06 19.15.01 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/12/06 19.14.57 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/12/06 19.14.54 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/12/06 19.14.53 | 000,216,576 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/12/06 19.14.53 | 000,212,480 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/12/06 19.14.48 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/12/06 19.14.48 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/12/06 19.14.48 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/12/06 19.14.48 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/12/06 19.14.48 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/12/06 19.14.47 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/12/06 19.14.43 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/12/06 19.14.42 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/12/06 19.14.42 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/12/06 19.14.41 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/12/06 19.14.40 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/12/06 19.14.40 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/12/06 19.14.37 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/12/06 19.14.36 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/12/06 19.14.32 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/12/06 19.14.31 | 000,286,816 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/12/06 19.14.31 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/12/06 19.14.31 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/12/06 19.14.28 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/12/06 19.14.23 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/12/06 19.14.16 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/12/06 19.14.16 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/12/06 19.14.15 | 000,036,937 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/12/06 19.14.15 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/12/06 19.14.15 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/12/06 19.14.07 | 000,095,050 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/12/06 19.14.07 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/12/06 19.14.07 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/12/06 19.14.06 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/12/06 19.13.59 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/12/06 19.13.59 | 000,161,792 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/12/06 19.13.59 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/12/06 19.13.59 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/12/06 19.13.53 | 000,017,536 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/12/06 19.13.51 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/12/06 19.13.51 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/12/06 19.13.49 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/12/06 19.13.49 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/12/06 19.13.49 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/12/06 19.13.49 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/12/06 19.13.48 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/12/06 19.13.48 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/12/06 19.13.48 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/12/06 19.13.48 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/12/06 19.13.48 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/12/06 19.13.46 | 000,083,456 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/12/06 19.13.46 | 000,080,896 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/12/06 19.13.45 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/12/06 19.13.45 | 000,025,088 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/12/06 19.13.42 | 000,010,752 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/12/06 19.13.40 | 000,079,360 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/12/06 19.13.39 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/12/06 19.13.38 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/12/06 19.13.28 | 000,899,754 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/12/06 19.13.28 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/12/06 19.13.23 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/12/06 19.13.23 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/12/06 19.13.23 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/12/06 19.13.21 | 000,016,384 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/12/06 19.13.10 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/12/06 19.13.09 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/12/06 19.13.08 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/12/06 19.13.08 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/12/06 19.13.02 | 000,054,826 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/12/06 19.13.02 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/12/06 19.13.01 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/12/06 19.12.48 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/12/06 19.12.39 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/12/06 19.12.39 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/12/06 19.12.37 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/12/06 19.12.33 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/12/06 19.12.33 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/12/06 19.12.31 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/12/06 19.12.31 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/12/06 19.12.31 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/12/06 19.12.30 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/12/06 19.12.30 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/12/06 19.12.30 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/12/06 19.12.29 | 000,076,544 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/12/06 19.12.29 | 000,022,144 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/12/06 19.12.29 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/12/06 19.12.29 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/12/06 19.12.29 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/12/06 19.12.02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/12/06 19.11.44 | 000,165,034 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/12/06 19.11.38 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/12/06 19.11.38 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/12/06 19.11.37 | 000,728,394 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/12/06 19.11.37 | 000,607,292 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/12/06 19.11.37 | 000,577,322 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/12/06 19.11.37 | 000,422,272 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/12/06 19.11.34 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/12/06 19.11.34 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/12/06 19.11.34 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/12/06 19.11.33 | 000,015,872 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/12/06 19.11.32 | 000,026,986 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/12/06 19.11.31 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/12/06 19.11.10 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/12/06 19.10.50 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/12/06 19.10.24 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/12/06 19.10.23 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/12/06 19.10.17 | 000,082,688 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/12/06 19.10.17 | 000,028,416 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/12/06 19.10.16 | 000,017,536 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/12/06 19.10.13 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/12/06 19.10.07 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/12/06 19.10.07 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/12/06 19.10.05 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/12/06 19.10.04 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/12/06 19.10.04 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/12/06 19.10.02 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/12/06 19.09.57 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/12/06 19.09.56 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/12/06 19.09.56 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/12/06 19.09.36 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/12/06 19.09.33 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/12/06 19.09.30 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/12/06 19.09.29 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/12/06 19.09.29 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/12/06 19.09.28 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/12/06 19.09.28 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/12/06 19.09.28 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/12/06 19.09.26 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/12/06 19.09.22 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/12/06 19.09.21 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/12/06 19.09.20 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/12/06 19.09.13 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/12/06 19.09.12 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/12/06 19.09.12 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/12/06 19.09.12 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/12/06 19.09.12 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/12/06 19.09.12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/12/06 19.09.12 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/12/06 19.09.11 | 000,251,392 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/12/06 19.09.08 | 000,216,576 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/12/06 19.09.00 | 000,020,992 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/12/06 19.08.56 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/12/06 19.08.51 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/12/06 19.08.50 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/12/06 19.08.50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/12/06 19.08.50 | 000,022,556 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/12/06 19.08.50 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/12/06 19.08.49 | 000,715,338 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/12/06 19.08.48 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/12/06 19.08.48 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/12/06 19.08.48 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/12/06 19.08.47 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/12/06 19.08.47 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/12/06 19.08.28 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/12/06 19.08.28 | 000,039,680 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/12/06 19.08.28 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/12/06 19.08.28 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/12/06 19.08.28 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/12/06 19.08.28 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/12/06 19.08.28 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/12/06 19.08.27 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/12/06 19.08.26 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/12/06 19.08.26 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/12/06 19.08.26 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/12/06 19.08.26 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/12/06 19.08.25 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/12/06 19.08.25 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/12/06 19.08.25 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/12/06 19.08.25 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/12/06 19.08.24 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/12/06 19.08.24 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/12/06 19.08.22 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/12/06 19.08.20 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/12/06 19.08.20 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/12/06 19.08.20 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/12/06 19.08.20 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/12/06 19.08.20 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/12/06 19.08.19 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/12/06 19.08.19 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/12/06 19.07.58 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/12/06 19.07.53 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/12/06 19.07.40 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/12/06 19.07.39 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/12/06 19.07.37 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/12/06 19.07.37 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/12/06 19.07.37 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/12/06 19.07.36 | 000,061,952 | ---- | C] (Scanner piano a colori) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/12/06 19.07.30 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/12/06 19.07.29 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/12/06 19.07.28 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/12/06 19.07.28 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/12/06 19.07.28 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/12/05 14.06.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\Wise Registry Cleaner
[2011/12/05 14.06.21 | 000,000,000 | ---D | C] -- C:\Programmi\Wise Registry Cleaner
[2011/12/05 14.06.21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Wise Registry Cleaner
[2011/12/04 18.17.46 | 000,000,000 | ---D | C] -- C:\494ec3e27223592feab5
[2011/12/04 17.53.45 | 000,000,000 | ---D | C] -- C:\c24e2d462548d1c6bd8eca
[2011/12/02 13.36.49 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/01 18.10.44 | 000,636,728 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[2011/11/30 13.08.48 | 003,022,624 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\Procmon.exe
[2011/11/28 21.01.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\HiJackThis
[2011/11/28 18.52.21 | 004,845,856 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\procexp.exe
[2011/11/28 14.22.49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/28 13.26.00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daneelo\Recent
[2011/11/23 18.39.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Google Earth
[2011/11/21 21.31.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\WINDOWS\The Treasures of Montezuma 3
[2011/11/21 21.31.14 | 000,000,000 | ---D | C] -- C:\Programmi\The Treasures of Montezuma 3
[2011/11/17 19.48.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2011/11/16 21.26.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Menu Avvio\Programmi\Alawar Games
[2011/11/14 18.22.56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2011/11/10 12.29.20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daneelo\Documenti\Working Folder 0
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/08 20.59.01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/08 20.58.38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/08 20.48.07 | 004,331,207 | R--- | M] (Swearware) -- C:\Documents and Settings\daneelo\Desktop\ComboFix.exe
[2011/12/08 20.36.17 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/08 20.33.20 | 002,200,376 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\daneelo\Desktop\CCleaner.exe
[2011/12/08 20.31.32 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/08 14.43.28 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/08 13.46.35 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/05 14.06.21 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/12/04 15.15.28 | 000,000,307 | -HS- | M] () -- C:\boot.ini
[2011/12/02 20.39.43 | 000,756,952 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\sys97652.exe
[2011/12/02 20.35.08 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/12/02 13.36.50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daneelo\Desktop\OTL.exe
[2011/12/01 21.39.46 | 000,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/12/01 18.59.59 | 000,002,885 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/11/28 13.59.20 | 000,000,050 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/11/27 21.46.58 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/27 21.44.07 | 000,001,148 | -H-- | M] () -- C:\Documents and Settings\daneelo\Documenti\Default.rdp
[2011/11/23 13.14.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 21.31.32 | 000,001,783 | ---- | M] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/11/09 13.15.34 | 000,636,728 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\daneelo\Desktop\autoruns.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/08 14.43.28 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/08 13.54.40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/08 13.54.40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/08 13.54.40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/08 13.54.40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/08 13.54.40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/06 19.15.48 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/12/06 19.15.47 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/12/06 19.13.22 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/12/06 19.13.21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/12/06 19.13.02 | 000,044,361 | ---- | C] () -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/12/06 19.12.07 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/12/06 19.10.24 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/12/06 19.10.24 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/12/06 19.10.23 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/12/06 19.10.23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/12/06 19.10.23 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/12/06 19.09.29 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/12/06 19.09.29 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/12/06 19.09.28 | 000,031,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/12/06 19.09.28 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/12/06 19.08.13 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/12/06 19.08.13 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/12/06 19.08.12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/12/06 19.08.11 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/12/06 19.08.10 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/12/06 19.08.10 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/12/06 19.08.10 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/12/06 19.08.10 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/12/06 19.08.10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/12/06 19.08.05 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/12/05 14.06.21 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wise Registry Cleaner.lnk
[2011/12/02 20.39.32 | 000,756,952 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\sys97652.exe
[2011/12/01 21.39.36 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2011/11/28 21.01.40 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\HiJackThis.lnk
[2011/11/28 13.59.20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/11/21 21.31.32 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\daneelo\Desktop\The Treasures of Montezuma 3.lnk
[2011/10/30 12.10.04 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/10/13 11.53.25 | 001,689,402 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-S-1-5-21-1482476501-1390067357-839522115-1003-0.dat
[2011/10/13 11.53.24 | 000,530,162 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\WPFFontCache_v0400-System.dat
[2011/06/20 11.35.19 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/01/22 12.30.36 | 000,000,350 | ---- | C] () -- C:\WINDOWS\Vx4SLPlayer.INI
[2010/12/02 01.21.55 | 000,020,682 | ---- | C] () -- C:\Documents and Settings\daneelo\Dati applicazioni\com.koingosw.AlarmClockPro.xml
[2010/10/03 17.52.33 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/10/03 17.52.27 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/10/03 17.52.27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/11 19.55.13 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/10 04.38.00 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/21 20.32.27 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/03/21 20.32.04 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010/03/01 20.09.29 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\RfT_R.DAT
[2009/11/14 18.19.50 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\fusioncache.dat
[2009/07/13 14.08.09 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/12 19.02.49 | 000,000,669 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2009/05/05 19.22.10 | 000,003,246 | ---- | C] () -- C:\WINDOWS\jsgkxz32.ini
[2009/04/10 16.05.47 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2009/03/13 13.24.18 | 000,000,424 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/02/24 13.31.06 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2009/02/23 15.13.12 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2009/02/23 15.13.03 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/20 00.53.16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/20 00.41.12 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\daneelo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 21.54.09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/02/19 21.50.52 | 002,588,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/02/19 21.19.23 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/02/19 21.19.16 | 000,027,739 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/02/19 21.19.16 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/02/19 21.04.42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/02/19 20.58.49 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/27 15.18.20 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\lwel-manifest.dll
[2008/05/03 04.16.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/03/01 22.10.20 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2008/02/08 17.03.43 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2004/08/19 14.52.50 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 13.20.40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2002/10/15 23.54.04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/31 12.00.00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/31 12.00.00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/31 12.00.00 | 000,552,180 | ---- | C] () -- C:\WINDOWS\System32\perfh010.dat
[2001/08/31 12.00.00 | 000,501,382 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/31 12.00.00 | 000,300,212 | ---- | C] () -- C:\WINDOWS\System32\perfi010.dat
[2001/08/31 12.00.00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/31 12.00.00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/31 12.00.00 | 000,103,538 | ---- | C] () -- C:\WINDOWS\System32\perfc010.dat
[2001/08/31 12.00.00 | 000,087,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/31 12.00.00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/31 12.00.00 | 000,034,004 | ---- | C] () -- C:\WINDOWS\System32\perfd010.dat
[2001/08/31 12.00.00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/31 12.00.00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/31 12.00.00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/21 11.43.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Alawar Stargaze
[2009/12/13 18.03.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\AlawarWrapper
[2009/02/20 19.08.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Azureus
[2011/09/13 12.55.32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonEPP
[2011/09/13 13.10.29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJEPPEX2
[2011/09/13 13.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJMSetup
[2011/09/13 12.57.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJSetup000
[2011/09/13 13.05.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\CanonIJWSpt
[2011/05/25 13.04.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Elephant Games
[2011/10/10 11.36.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Freemake
[2009/11/16 20.53.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Hagel Technologies
[2010/09/19 12.50.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MAGIX
[2011/03/10 17.48.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\MumboJumbo
[2009/05/10 23.38.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PaperlessPrinter Data
[2011/06/09 12.48.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PlayPond
[2011/11/05 15.50.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\regid.1986-12.com.adobe
[2010/05/28 13.58.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SafeNet Sentinel
[2011/12/04 15.00.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Screentime
[2011/02/11 20.50.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SmartSound Software Inc
[2009/03/10 14.47.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Syncrosoft
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Top Evidence
[2009/08/12 12.19.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/09/13 14.04.59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Acoustica
[2011/08/17 11.12.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Entertainment
[2011/08/21 11.43.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Alawar Stargaze
[2011/09/08 19.57.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artifex Mundi
[2009/04/24 23.18.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artisteer
[2011/06/05 12.27.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Artogon
[2011/10/10 12.57.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\avidemux
[2011/03/07 13.40.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Azureus
[2011/01/08 19.52.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Big Fish Games
[2011/12/08 20.38.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BitTorrent
[2011/11/14 18.22.56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\BlamGames
[2009/10/27 20.51.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blender Foundation
[2011/08/21 12.43.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Blue Tea Games
[2011/07/13 15.12.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Boolat Games
[2011/09/13 13.39.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Canon
[2011/09/13 13.19.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CD-LabelPrint
[2009/05/03 18.12.24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CoSoSys
[2011/03/17 13.00.10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\CursedOnboard
[2011/05/18 18.22.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DailyMagic
[2011/10/30 11.57.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\DieselPuppet
[2011/06/02 12.09.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EleFun Games
[2011/02/20 17.22.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Elephant Games
[2009/04/10 16.18.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\EPSON
[2011/04/09 16.29.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS G-Studio
[2011/10/14 18.36.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ERS Game Studios
[2011/11/09 22.06.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\FileZilla
[2010/09/11 14.47.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\fltk.org
[2011/11/16 21.27.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Friday's games
[2011/08/21 16.42.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\GameInvest
[2011/06/20 11.35.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Ghost Ship Studios
[2011/09/19 12.00.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\gtk-2.0
[2010/12/18 21.21.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\HdO Adventure
[2011/01/25 20.25.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\ICQ
[2010/10/18 10.36.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Icu2
[2011/11/21 21.30.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\JewelMatch2
[2010/01/11 17.21.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Leadertech
[2011/06/30 19.09.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\LestaStudio
[2010/09/19 12.51.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\MAGIX
[2011/01/12 13.34.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Namco
[2009/03/23 19.20.38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Opera
[2010/01/30 20.45.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Orbit
[2011/03/07 13.56.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Phantasmat_bf_ce1
[2009/12/13 18.05.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Playrix Entertainment
[2009/03/09 20.28.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Steinberg
[2010/05/28 18.33.16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\SynthEyes
[2010/07/17 19.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\TeamViewer
[2010/07/11 14.20.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Thunderbird
[2011/06/08 13.37.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Top Evidence
[2011/07/09 13.14.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VampireSagaHL
[2011/09/16 19.38.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vast Studios
[2011/07/21 11.55.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Vogat Interactive
[2010/11/07 15.33.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\VoipCheapCom
[2011/12/05 14.06.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daneelo\Dati applicazioni\Wise Registry Cleaner

========== Purity Check ==========



< End of report >

ProceXP

Process PID CPU Private Bytes Working Set Description Company Name Command Line Verified Signer
services.exe 860 84.38 3.088 K 4.904 K Applicazione Servizi e Controller Microsoft Corporation C:\WINDOWS\system32\services.exe (Unable to verify) Microsoft Corporation
System Idle Process 0 13.28 0 K 28 K
System 4 1.56 0 K 244 K
explorer.exe 188 0.78 21.740 K 28.788 K Esplora risorse Microsoft Corporation C:\WINDOWS\Explorer.EXE (Verified) Microsoft Windows Component Publisher
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
wscntfy.exe 1504 560 K 2.240 K Windows Security Center Notification App Microsoft Corporation C:\WINDOWS\system32\wscntfy.exe (Verified) Microsoft Windows Publisher
wmiprvse.exe 2100 2.000 K 5.080 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe -Embedding (Verified) Microsoft Windows Component Publisher
wmiprvse.exe 948 1.916 K 5.248 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe (Verified) Microsoft Windows Component Publisher
winlogon.exe 808 6.564 K 856 K Applicazione Accesso a Windows NT Microsoft Corporation winlogon.exe (Verified) Microsoft Windows Publisher
svchost.exe 1436 14.748 K 23.144 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs (Verified) Microsoft Windows Publisher
svchost.exe 1044 3.072 K 4.852 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch (Verified) Microsoft Windows Publisher
svchost.exe 1140 1.760 K 4.164 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss (Verified) Microsoft Windows Publisher
svchost.exe 1652 1.580 K 4.020 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService (Verified) Microsoft Windows Publisher
svchost.exe 456 1.252 K 3.440 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService (Verified) Microsoft Windows Publisher
svchost.exe 1296 1.228 K 3.548 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc (Verified) Microsoft Windows Publisher
spoolsv.exe 1868 3.424 K 5.400 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe (Verified) Microsoft Windows Component Publisher
smss.exe 684 172 K 416 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe (Unable to verify) Microsoft Corporation
procexp.exe 1220 15.184 K 20.216 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\daneelo\Desktop\procexp.exe" (Verified) Microsoft Corporation
mbamservice.exe 536 107.916 K 107.932 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe" (Verified) Malwarebytes Corporation
mbamgui.exe 764 3.072 K 5.524 K Malwarebytes' Anti-Malware Malwarebytes Corporation "C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray (Verified) Malwarebytes Corporation
lsass.exe 872 3.944 K 1.260 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe (Verified) Microsoft Windows Publisher
dwwin.exe 1812 1.312 K 3.900 K Microsoft Application Error Reporting Microsoft Corporation C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\daneelo\IMPOST~1\Temp\WER99ef.dir00\manifest.txt (Verified) Microsoft Windows Publisher
dwwin.exe 1888 1.172 K 3.400 K Microsoft Application Error Reporting Microsoft Corporation C:\WINDOWS\system32\dwwin.exe -d C:\DOCUME~1\daneelo\IMPOST~1\Temp\WERa98d.dir00\manifest.txt (Verified) Microsoft Windows Publisher
dumprep.exe 1376 1.012 K 3.296 K Windows Error Reporting Dump Reporting Tool Microsoft Corporation "C:\WINDOWS\system32\dumprep.exe" 1380 -H 1384 "Global\01a9934b0e82e8330" (Verified) Microsoft Windows Publisher
dumprep.exe 1620 1.012 K 3.296 K Windows Error Reporting Dump Reporting Tool Microsoft Corporation "C:\WINDOWS\system32\dumprep.exe" 1380 -H 1384 "Global\01aabe1b0e82e8320" (Verified) Microsoft Windows Publisher
csrss.exe 744 1.480 K 3.528 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 (Verified) Microsoft Windows Publisher
alg.exe 1772 1.200 K 3.572 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe (Verified) Microsoft Windows Publisher

Vino Event Viewer

Vino's Event Viewer v01c run on Windows XP in Italian
Report run at 09/12/2011 14.47.25

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Errore Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/12/2011 14.20.11
Type: Errore Category: 0
Event: 7022 Source: Service Control Manager
Servizio Acquisizione di immagini di Windows (WIA) bloccato in partenza.

Log: 'System' Date/Time: 09/12/2011 14.13.48
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 09/12/2011 14.08.54
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Log: 'System' Date/Time: 09/12/2011 13.44.32
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 09/12/2011 13.41.49
Type: Errore Category: 0
Event: 7026 Source: Service Control Manager
All'avvio non è stato possibile caricare i seguenti driver: EIO_XP Fips intelppm

Log: 'System' Date/Time: 09/12/2011 13.36.01
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio gupdate1c9b90393db5e3c con gli argomenti "/comsvc" per eseguire il server {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 09/12/2011 13.04.05
Type: Errore Category: 0
Event: 7022 Source: Service Control Manager
Servizio Acquisizione di immagini di Windows (WIA) bloccato in partenza.

Log: 'System' Date/Time: 09/12/2011 13.00.34
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 09/12/2011 12.59.44
Type: Errore Category: 0
Event: 7026 Source: Service Control Manager
All'avvio non è stato possibile caricare i seguenti driver: EIO_XP Fips intelppm

Log: 'System' Date/Time: 09/12/2011 12.58.41
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Log: 'System' Date/Time: 09/12/2011 1.36.00
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio gupdate1c9b90393db5e3c con gli argomenti "/comsvc" per eseguire il server {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 08/12/2011 23.00.21
Type: Errore Category: 0
Event: 7022 Source: Service Control Manager
Servizio Acquisizione di immagini di Windows (WIA) bloccato in partenza.

Log: 'System' Date/Time: 08/12/2011 21.42.11
Type: Errore Category: 0
Event: 10005 Source: DCOM
DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Avvertimento Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanx again for all your support, in the meanwhile i let my desktop pc switched off, i dont want to get my CPU burnt...


OOOps...i forgot to paste the Vino Application Log, sorry...

Vino's Event Viewer v01c run on Windows XP in Italian
Report run at 09/12/2011 18.33.57

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Errore Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/12/2011 14.55.54
Type: Errore Category: 101
Event: 1002 Source: Application Hang
Applicazione in stallo spsetup114.exe, versione 1.0.0.0, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Log: 'Application' Date/Time: 09/12/2011 14.47.13
Type: Errore Category: 101
Event: 1002 Source: Application Hang
Applicazione in stallo sigverif.exe, versione 5.1.2600.2180, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Log: 'Application' Date/Time: 09/12/2011 14.46.43
Type: Errore Category: 101
Event: 1002 Source: Application Hang
Applicazione in stallo sigverif.exe, versione 5.1.2600.2180, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Log: 'Application' Date/Time: 09/12/2011 13.38.36
Type: Errore Category: 101
Event: 1002 Source: Application Hang
Applicazione in stallo sigverif.exe, versione 5.1.2600.2180, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Avvertimento Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Edited by DaNeeLo, 09 December 2011 - 11:35 AM.

  • 0

#8
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I forgot to tell you something that could be useful for you: i downloaded and runned (in normal mode) the utility Process Monitor, just to see what happens when services.exe eats all that cpu. Well,once runned, the application shows a strange activity of the process services.exe: this process open and close one after another a lot of registry keys (i dont remember the whole path, but it was something related to Enum, untill it reach something like 18.000.000 activities before Process Monitor crash. I dont know if this could be useful for you, but i wanted to tell you.....thanx again!!
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
What is the temperature running at now? If it's still high then I would replace the thermal paste. Otherwise I'd let it be. Because of your high CPU usage by Services it's going to be a bit higher than normal but it should be stable and not climb over time.

Run Process Explorer again and this time click on the Process column header.
Look under Services.exe and you should see a lot of sub-entries. For each one, hover over it and note what it says it is (most of the svchost.exe entries will look alike but somewhere it will say what they do. The top one is usually DcomLaunch so that's what you need to write down.) right click and Kill Process. Wait 30 seconds then note the CPU percentage for System Idle. If it suddenly shoots up the last item you stopped was the culprit. On mine you can also see the CPU % for each sub-entry so that may also help narrow it down if it does that on an XP too.

Reboot

Run Process Explorer again and Double click on the sub-entry that is at fault. Select Services tab. Take a screen shot and attach it to your next reply
To do a print screen:
http://www.ehow.com/...windows-xp.html Save it as a .jpg or .jpeg or the forum may not allow it to be attached.
To Attach a file, open a reply then click on Browse and point it at the file. Open. Then Attach this File.
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
Yes. Process Monitor is a good idea. It would have been the next step. Since you have it, start it up and once it is running, File, uncheck Capture Events. (This will keep it from crashing.) Now locate a section of the log where it is doing what you were talking about and click on the top line. Then go down to the bottom line, hold the Shift key down and click on the bottom line. This should select all of the lines on this page. File, Save, check Highlighted events, (note where it is going to save the log) and OK. Rename the log from logfile.pml to logfile.txt then attach it to your next reply.
  • 0

Advertisements


#11
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Temperature is still high (61C°) so i think i'd better replace the thermal past; i followed your instructions but, without killing the process under services.exe (because it happened that the system crashed depending on what i was killing), i right clicked on each one and checked its properties: well, noone of them eats CPU! ...but, if i right click on services.exe and then select properties, i see a lot of threads (the number change, but i see a lot of kernel32.dll and only one upnpmgr.dll). If i start to kill them one by one, system idle's cpu doesnt change but, when i kill the last one left, it reach 100%; it doesnt depend on the thread i kill, because if i change the last thread to kill the same thing happens. When system idle is 100% cpu, after some seconds the pc got stuck and i need to reboot; i've noticed that if i keep only on thread alive, the cpu usage is 50% by that thread and 50% by system idle....
  • 0

#12
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
I see i cant attach txt or rar files, i give you this linkwhere you can download it..i hope it can help!
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
I don't see the link.

There should be no problem with .txt files unless they are too big which is why I just want one page.

Make sure you can see the extensions:

Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button and exit My Computer.
Now your computer is configured to show all hidden files.

You can also use 7-zip
http://www.7-zip.org/
to zip the file up into an archive (you need to change it to create .zip instead of the .7z default and attach the .zip file. IF all else fails then save it as csv then open it in notepad and copy and paste it into a reply.
  • 0

#14
DaNeeLo

DaNeeLo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanx Ron....file is in the attachment...the PC is so slow that mess me up...

Attached Files


Edited by DaNeeLo, 09 December 2011 - 02:09 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,700 posts
  • MVP
That worked but it doesn't show much of interest. It's just going through some of the registry. Does it keep going in a circle?

I guess we are going to need more of the log. I'll send you my email address in a pm and you can create a Filter to make it somewhat smaller:

Start Process Monitor then File, uncheck Capture Events. Filter, Filter, change the first box to read Process Name, leaves the second box at "is" Click the down arrow in the third box and select Services.exe then hit the ADD button. OK. Now File, Save, make sure Events Displayed Using Current Filter is checked then save the file. Overwrite the old one.

Attach the file to an email with subject: DaNeeLo

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP