Messages - joy

1
Tech Clinic / Problems with my internet connection and AV7
« on: April 03, 2010, 09:11:16 AM »
I'm trying to understand what can be wrong...
I mean, I changed my modem a couple of weeks ago. My old modem was broken.
I installed a Linksys AM200 model for ADSL with Ethernet. I did the online configuration as explained on the packaging.
I put in the data (PPPoA, automatic IP address).

Maybe I have problems with that thing... I don't know, I'm just trying to understand...

Thanks
Bye

2
Tech Clinic / Problems with my internet connection and AV7
« on: April 03, 2010, 06:28:16 AM »
Hi...
Unfortunately I still have problems with my connection to the internet.
Sometimes it falls and puts me directly offline, so I have to keep Outlook open.
When the connection falls, it opens the pop-up for connecting to the internet; as I click on 'connect' it displays an error message: error 678,
[Error 678. The remote computer is not responding (in general lack of dialogue between the PC and ADSL modem or no signal)].
However, if I open Outlook then the connection is re-established.


Here is the MBAM logfile:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/04/2010 13.04.34
mbam-log-2010-04-03 (13-04-34).txt

Scan type: Quick scan
Objects scanned: 98949
Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here is the OTL logfile:

OTL logfile created on: 03/04/2010 13.17.27 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 46,00% Memory free
618,00 Mb Paging File | 272,00 Mb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,88 Gb Free Space | 72,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/04/02 10.13.11 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/04/02 10.12.51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/13 19.36.40 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2006/10/27 16.16.48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2010/04/01 17.35.56 | 000,001,542 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/04/01 17.35.45 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/04/01 10.23.32 | 000,637,440 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTS.exe
[2010/03/31 18.25.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
[2010/03/31 18.25.32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 18.25.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/31 18.25.26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 18.25.25 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/31 18.24.06 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe
[2010/03/31 17.52.20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
 
========== Files - Modified Within 30 Days ==========
 
[2010/04/03 12.41.54 | 058,476,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/03 12.35.33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/03 12.35.02 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/04/03 12.34.13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 12.34.08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/03 12.34.06 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 19.17.38 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/04/02 19.17.38 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/04/02 13.50.12 | 005,326,442 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTS.exe
[2010/03/31 18.49.56 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/31 18.25.38 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 18.24.06 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe
[2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/31 17.41.44 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/29 15.24.58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15.24.46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
 
========== Files Created - No Company Name ==========
 
[2010/03/31 18.25.38 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >


Bye

3
Tech Clinic / Problems with my internet connection and AV7
« on: April 01, 2010, 10:49:20 AM »
OTS only asked me to reboot. I clicked Yes. After reboot the following logfile opened.

Here is the logfile:

All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
127.0.0.1 local.subssearch.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F52F46FA-0980-485A-A724-332A0946C80D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F52F46FA-0980-485A-A724-332A0946C80D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:njfjxf.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmnoPhed deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\SetupWizard.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programmi\TorrentsDownloadBin\SubsSearch.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\NavBrowser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SetupWizard.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b69c2c0-3770-11df-ae34-000476d12534}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\vtfkyhka.job moved successfully.
[Files - No Company Name]
C:\WINDOWS\System32\vgugpoty.ini moved successfully.
C:\WINDOWS\System32\irgxqnts.ini moved successfully.
C:\WINDOWS\System32\vanujrwg.ini moved successfully.
C:\WINDOWS\System32\lvgdyqsv.ini moved successfully.
C:\WINDOWS\System32\rkelugjp.ini moved successfully.
C:\WINDOWS\System32\thvioosn.ini moved successfully.
C:\WINDOWS\System32\dehPonmp.ini2 moved successfully.
C:\WINDOWS\System32\dehPonmp.ini moved successfully.
[Empty Temp Folders]
 
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: Giorgia
->Temp folder emptied: 111169935 bytes
->Temporary Internet Files folder emptied: 206094161 bytes
->Java cache emptied: 69509617 bytes
->Google Chrome cache emptied: 6398159 bytes
->Flash cache emptied: 437814 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4134372 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1955761 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 60 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64655 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 381,00 mb
 
< End of fix log >
OTS by OldTimer - Version 3.1.27.1 fix logfile created on 04012010_173545

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Giorgia\Impostazioni locali\Temp\~DF2A3.tmp not found!
File\Folder C:\Documents and Settings\Giorgia\Impostazioni locali\Temp\~DF329.tmp not found!
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\ZLA3KWUT\iframe[1].htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\PBF9UZXY\index[4].htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\FPOVFGNR\IYVDB6CAMZCOD8CASVVY4BCA3Q3813CA8VN2YICAVQ9ZU5CAULMYMVCAQUDN8QCA6XQD9FCAQFGZYUCAQQRH77CAYG8Q6TCA1243VJCA8ETO6PCADRDRA7CA6U6UADCAGVYF38CA1W20LQCAARJE2F.htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...


Bye

4
Tech Clinic / Problems with my internet connection and AV7
« on: April 01, 2010, 03:34:26 AM »
Here is the OTS logfile:

OTS logfile created on: 01/04/2010 10.24.59 - Run 1
OTS by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 60,00% Memory free
618,00 Mb Paging File | 343,00 Mb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,50 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
avgchsvx.exe -> C:\Programmi\AVG\AVG9\avgchsvx.exe -> [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Programmi\AVG\AVG9\avgnsx.exe -> [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Programmi\AVG\AVG9\avgrsx.exe -> [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Programmi\AVG\AVG9\avgcsrvx.exe -> [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Programmi\AVG\AVG9\avgtray.exe -> [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Programmi\AVG\AVG9\avgwdsvc.exe -> [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
jucheck.exe -> C:\Programmi\Java\jre6\bin\jucheck.exe -> [2009/10/11 05.17.45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.)
applemobiledeviceservice.exe -> C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation)
mpbtn.exe -> C:\Programmi\Alice ti aiuta\bin\mpbtn.exe -> [2004/03/16 14.49.16 | 000,184,320 | ---- | M] ()
e_s10ic2.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(avg9wd) AVG WatchDog [Auto | Running] -> C:\Programmi\AVG\AVG9\avgwdsvc.exe -> [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.)
(Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2009/01/09 14.37.51 | 000,068,096 | ---- | M] ()
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation)
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Disabled | Stopped] -> C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -> [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Driver Services - Safe List]
(AvgTdiX) AVG Network Redirector [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgtdix.sys -> [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgldx86.sys -> [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\avgmfx86.sys -> [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.)
(nm) Driver di Network Monitor [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation)
(gameenum) Enumeratore porta giochi [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation)
(sisagp) Filtro bus SIS AGP [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(CnxTrUsb) Access Gateway USB Interface Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CnxTrUsb.sys -> [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant)
(CnxTrLan) Access Gateway USB Network Adapter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CnxTrLan.sys -> [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(ms_mpu401) Driver Microsoft MPU-401 MIDI UART [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\msmpu401.sys -> [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation)
(EL90XBC) 3Com Fast EtherLink ISA Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\el90xbc5.sys -> [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Local Page" -> http://www.Google.com/ ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2009/06/03 19.57.08 | 000,000,804 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1   localhost
127.0.0.1 local.subssearch.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23.33.16 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Programmi\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/03/26 10.38.31 | 001,598,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 01.48.42 | 002,210,608 | ---- | M] (Microsoft Corporation)
{F52F46FA-0980-485A-A724-332A0946C80D} [HKLM] -> C:\WINDOWS\System32\pmnoPhed.dll [Reg Error: Value error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG9_TRAY" -> C:\Programmi\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Cmaudio" ->  [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found
"EPSON Stylus C62 Series" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"] -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
"SSC Service Utility" -> C:\Programmi\SSC Service Utility\ssc_serv.exe [C:\Programmi\SSC Service Utility\ssc_serv.exe /s] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EPSON Stylus C62 Series" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S6C.tmp"] -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica ->
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk -> C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16.06.48 | 000,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk -> C:\Programmi\Alice ti aiuta\bin\matcli.exe -> [2004/03/16 14.49.16 | 000,212,992 | ---- | M] (Motive Communications, Inc.)
< Giorgia Startup Folder > -> C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica ->
C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE -> [2006/10/26 21.24.54 | 000,098,632 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&sporta in Microsoft Excel -> C:\Programmi\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 16.07.36 | 017,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll [Button: Invia a OneNote] -> [2006/10/26 21.32.42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll [Menu: I&nvia a OneNote] -> [2006/10/26 21.32.42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21.12.22 | 000,040,424 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231415365683 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} [HKLM] -> http://www.miniclip.com/igloader/igloader.CAB [igLoader Content on Demand] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{ECD97A8A-7B1A-428D-B696-3ED29826CE55} [HKLM] -> http://www.pointworld.kr/ocx/PointWorldXZ.ocx [PointWorld] ->
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9CB27BDA-F4B2-4F49-9707-E77E96260F05}\\DhcpNameServer -> 192.168.1.1   (3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) ->
{F5A526A8-9B1D-4012-9748-A326F8613DEA}\\DhcpNameServer -> 151.99.125.2 151.99.125.3   () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
njfjxf.dll ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 01.48.42 | 002,210,608 | ---- | M] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\pmnoPhed ->  -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Programmi\AVG\AVG9\avgnsx.exe" -> C:\Programmi\AVG\AVG9\avgnsx.exe [C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgupd.exe" -> C:\Programmi\AVG\AVG9\avgupd.exe [C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2010/03/26 10.35.54 | 001,035,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Programmi\eMule\emule.exe" -> C:\Programmi\eMule\emule.exe [C:\Programmi\eMule\emule.exe:*:Enabled:eMule] -> [2008/08/01 19.41.24 | 005,480,448 | ---- | M] (http://www.emule-project.net)
"C:\Programmi\iTunes\iTunes.exe" -> C:\Programmi\iTunes\iTunes.exe [C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 20.56.54 | 013,498,664 | ---- | M] (Apple Inc.)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" -> C:\Programmi\Microsoft Office\Office12\GROOVE.EXE [C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 16.37.44 | 000,338,216 | ---- | M] (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE [C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 16.03.04 | 001,018,664 | ---- | M] (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE [C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2006/10/27 16.16.48 | 012,813,096 | ---- | M] (Microsoft Corporation)
"C:\Programmi\TorrentsDownloadBin\SubsSearch.exe" -> C:\Programmi\TorrentsDownloadBin\SubsSearch.exe [C:\Programmi\TorrentsDownloadBin\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe] -> File not found
"C:\Programmi\uTorrent\uTorrent.exe" -> C:\Programmi\uTorrent\uTorrent.exe [C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/06/04 13.35.10 | 000,274,224 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\Temp\NavBrowser.exe" -> C:\WINDOWS\Temp\NavBrowser.exe [C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser] -> File not found
"D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver del CD-ROM ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/08 01.38.37 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{1b69c2c0-3770-11df-ae34-000476d12534}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command\\"" ->  [.\RECYCLER\RECYCLER\autorun.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command\\"" ->  [.\RECYCLER\RECYCLER\autorun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ ->
.html [@ = htmlfile] -> Reg Error: Key error. -> File not found
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 22.41.48 | 000,044,344 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2006/10/27 01.48.02 | 000,222,512 | ---- | M] (Microsoft Corporation)
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> C:\Programmi\AVG\AVG9\avgpp.dll[XPLPPFilter Class] -> [2010/03/26 10.38.46 | 000,091,416 | ---- | M] (AVG Technologies CZ, s.r.o.)
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 14.45.02 | 000,873,216 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
{162B71B8-8464-4680-A086-601D555B331D} -> Apple Mobile Device Support
{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} -> QuickTime
{26A24AE4-039D-4CA4-87B4-2F83216013FF} -> Java(TM) 6 Update 17
{350C9410-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{90120000-0010-0410-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (Italian) 12
{90120000-0015-0410-0000-0000000FF1CE} -> Microsoft Office Access MUI (Italian) 2007
{90120000-0016-0410-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Italian) 2007
{90120000-0018-0410-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Italian) 2007
{90120000-0019-0410-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Italian) 2007
{90120000-001A-0410-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Italian) 2007
{90120000-001B-0410-0000-0000000FF1CE} -> Microsoft Office Word MUI (Italian) 2007
{90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof (German) 2007
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-0410-0000-0000000FF1CE} -> Microsoft Office Proof (Italian) 2007
{90120000-002C-0410-0000-0000000FF1CE} -> Microsoft Office Proofing (Italian) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0044-0410-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Italian) 2007
{90120000-006E-0410-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Italian) 2007
{90120000-00A1-0410-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Italian) 2007
{90120000-00BA-0410-0000-0000000FF1CE} -> Microsoft Office Groove MUI (Italian) 2007
{AC76BA86-7AD7-1040-7B44-A90000000001} -> Adobe Reader 9 - Italiano
{B2EFE303-A594-11D5-95EB-005004BC1C65} -> EPSON PhotoQuicker3.2
{C26B06A9-27BB-45B0-9873-9C623EC2BA38} -> iTunes
{DDC5AF8D-A320-4A8C-805D-9063C6352127} -> Installazione Guidata Alice ADSL
{EFB21DE7-8C19-4A88-BB28-A766E16493BC} -> Adobe Photoshop CS
Access Gateway USB -> Access Gateway USB
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
AliceRE.MCCInstall -> Alice ti aiuta
AVG9Uninstall -> AVG Free 9.0
C-Media Audio Driver -> C-Media WDM Audio Driver
Collins COBUILD 3.0 -> Collins COBUILD on CD-ROM
eMule -> eMule
ENTERPRISE -> Microsoft Office Enterprise 2007
EPSON Printer and Utilities -> Software per stampante EPSON
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR gestione archivi
WinZip -> WinZip
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
uTorrent -> µTorrent
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 04/10/2009 10.15.12 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.13 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.15 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.15 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 07/10/2009 13.18.36 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.762, indirizzo errore 0x00008a8c.
Application [ Error ] 22/10/2009 3.39.33 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 | ID = 5000 -> Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3 outlook.exe, P4 12.0.4518.1014, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 28/10/2009 12.34.27 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore avgssie.dll, versione 8.5.0.405, indirizzo errore 0x00005d27.
Application [ Error ] 01/11/2009 9.05.14 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x000d0dcc.
Application [ Error ] 01/11/2009 9.06.25 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x000d0dcc.
Application [ Error ] 04/11/2009 4.52.00 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x00240b3d.
OSession [ Error ] 23/02/2009 14.48.19 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/03/2009 7.59.01 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 122 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 19/03/2010 9.53.26 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7011 -> Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio avg8wd.
System [ Error ] 19/03/2010 14.33.48 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 22/03/2010 6.50.37 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 26/03/2010 7.05.26 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 28/03/2010 9.26.52 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1053" durante il tentativo di avviare il servizio iPod Service con gli argomenti ""  per eseguire il server   {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
System [ Error ] 28/03/2010 9.27.37 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio iPod.
System [ Error ] 28/03/2010 9.27.37 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7000 -> Description = Il servizio Servizio iPod non è stato avviato per il seguente errore:   %%1053
System [ Error ] 28/03/2010 11.19.23 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 28/03/2010 11.27.13 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010 -> Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato con DCOM entro il tempo d'attesa richiesto.
System [ Error ] 28/03/2010 11.27.44 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010 -> Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato con DCOM entro il tempo d'attesa richiesto.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | C] (OldTimer Tools)
 Malwarebytes -> C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes -> [2010/03/31 18.25.50 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/31 18.25.32 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes -> [2010/03/31 18.25.28 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/31 18.25.26 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Programmi\Malwarebytes' Anti-Malware -> [2010/03/31 18.25.25 | 000,000,000 | ---D | C]
 mbam-setup.exe -> C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe -> [2010/03/31 18.24.06 | 005,918,720 | ---- | C] (Malwarebytes Corporation )
 _OTL -> C:\_OTL -> [2010/03/31 17.52.20 | 000,000,000 | ---D | C]
 OTL.exe -> C:\Documents and Settings\Giorgia\Desktop\OTL.exe -> [2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools)
 TrendMicro -> C:\Programmi\TrendMicro -> [2010/03/28 18.02.50 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | ---D | M]
 AVG9 -> C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9 -> [2010/03/28 15.25.10 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy -> [2010/03/26 12.44.10 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2010/03/26 10.42.39 | 000,000,000 | -H-D | C]
 avg9 -> C:\Documents and Settings\All Users\Dati applicazioni\avg9 -> [2010/03/26 10.27.57 | 000,000,000 | ---D | C]
 SxsCaPendDel -> C:\WINDOWS\SxsCaPendDel -> [2010/03/26 10.26.56 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft -> [2010/03/26 10.23.44 | 000,000,000 | ---D | M]
 Non-Dedicated magazines -> C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines -> [2010/03/25 12.13.03 | 000,000,000 | ---D | C]
 Intermediate magazines -> C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines -> [2010/03/25 12.12.52 | 000,000,000 | ---D | C]
 Dedicated magazines -> C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines -> [2010/03/25 12.12.23 | 000,000,000 | ---D | C]
 Maximize Games -> C:\Documents and Settings\Giorgia\Maximize Games -> [2010/03/22 12.39.26 | 000,000,000 | ---D | C]
 antconc3.2.1w.exe -> C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe -> [2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony)
 myBabylon_English -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English -> [2009/06/05 17.40.54 | 000,000,000 | ---D | M]
 Apple -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple -> [2009/01/23 18.40.11 | 000,000,000 | ---D | M]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
 vtfkyhka.job -> C:\WINDOWS\tasks\vtfkyhka.job -> [2010/04/01 10.00.02 | 000,000,320 | ---- | M] ()
 incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/04/01 09.33.52 | 058,333,217 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/01 09.29.46 | 000,002,206 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/01 09.28.28 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/01 09.28.24 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/01 09.28.21 | 267,964,416 | -HS- | M] ()
 ntuser.dat -> C:\Documents and Settings\Giorgia\ntuser.dat -> [2010/03/31 21.59.36 | 004,456,448 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Giorgia\ntuser.ini -> [2010/03/31 21.59.36 | 000,000,194 | -HS- | M] ()
 User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job -> [2010/03/31 19.32.30 | 000,000,418 | -H-- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT -> [2010/03/31 18.49.56 | 000,069,616 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/31 18.25.38 | 000,000,676 | ---- | M] ()
 mbam-setup.exe -> C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe -> [2010/03/31 18.24.06 | 005,918,720 | ---- | M] (Malwarebytes Corporation )
 IconCache.db -> C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db -> [2010/03/31 17.56.09 | 005,324,756 | -H-- | M] ()
 OTL.exe -> C:\Documents and Settings\Giorgia\Desktop\OTL.exe -> [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/03/31 17.41.44 | 000,266,208 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/29 15.24.58 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/29 15.24.46 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
 HiJackThis.lnk -> C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk -> [2010/03/28 18.24.27 | 000,002,423 | ---- | M] ()
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/03/28 16.08.52 | 000,001,479 | ---- | M] ()
 perfh010.dat -> C:\WINDOWS\System32\perfh010.dat -> [2010/03/28 15.29.03 | 000,347,866 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/28 15.29.02 | 000,759,504 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/28 15.29.02 | 000,314,508 | ---- | M] ()
 perfc010.dat -> C:\WINDOWS\System32\perfc010.dat -> [2010/03/28 15.29.02 | 000,048,568 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/28 15.29.02 | 000,040,836 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/26 18.40.44 | 000,000,276 | ---- | M] ()
 avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
 iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2010/03/26 10.40.38 | 000,113,461 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/03/25 12.09.16 | 000,001,744 | ---- | M] ()
 antconc3.2.1w.exe -> C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe -> [2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony)
 217 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files - No Company Name]
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/31 18.25.38 | 000,000,676 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk -> [2010/03/28 18.02.51 | 000,002,423 | ---- | C] ()
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/03/28 16.08.52 | 000,001,479 | ---- | C] ()
 FCIC.INI -> C:\WINDOWS\FCIC.INI -> [2009/03/10 18.23.57 | 000,002,528 | ---- | C] ()
 vgugpoty.ini -> C:\WINDOWS\System32\vgugpoty.ini -> [2009/01/22 17.50.02 | 001,474,003 | -HS- | C] ()
 irgxqnts.ini -> C:\WINDOWS\System32\irgxqnts.ini -> [2009/01/21 20.23.00 | 001,474,003 | -HS- | C] ()
 vanujrwg.ini -> C:\WINDOWS\System32\vanujrwg.ini -> [2009/01/20 20.21.46 | 001,472,741 | -HS- | C] ()
 lvgdyqsv.ini -> C:\WINDOWS\System32\lvgdyqsv.ini -> [2009/01/19 19.24.29 | 001,472,741 | -HS- | C] ()
 rkelugjp.ini -> C:\WINDOWS\System32\rkelugjp.ini -> [2009/01/19 19.21.28 | 001,443,651 | -HS- | C] ()
 thvioosn.ini -> C:\WINDOWS\System32\thvioosn.ini -> [2009/01/17 17.41.29 | 001,442,941 | -HS- | C] ()
 dehPonmp.ini2 -> C:\WINDOWS\System32\dehPonmp.ini2 -> [2009/01/17 17.40.15 | 000,415,538 | -HS- | C] ()
 dehPonmp.ini -> C:\WINDOWS\System32\dehPonmp.ini -> [2009/01/17 17.40.14 | 000,415,538 | -HS- | C] ()
 pdfcmnnt.dll -> C:\WINDOWS\System32\pdfcmnnt.dll -> [2009/01/09 02.45.34 | 000,116,224 | ---- | C] ()
 cmirmdrv.dll -> C:\WINDOWS\System32\cmirmdrv.dll -> [2003/02/19 02.26.28 | 000,028,672 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
< End of report >


Hope it helps.
Bye

5
Tech Clinic / Problems with my internet connection and AV7
« on: March 31, 2010, 02:17:22 PM »
I did exactly what you told me, but as I clicked on Run Fix this message appeared:

"Cannot create file C:\WINDOWS\system32\drivers\etc\Hosts" and "Ok". I clicked on "Ok" and I noticed that the first 2 lines of your instructions were deleted.

I'm talking about:

:OTL
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found


I clicked again on Run Fix and the scan started, but it was very fast. And the only lines that remained written on the Custom Scans/Fixes were:

[EmptyTemp]
[Reboot]


I tried to repeat all the passages, and I also tried to replace the missing lines, but it happens all the time.

6
Tech Clinic / Problems with my internet connection and AV7
« on: March 31, 2010, 12:08:34 PM »
Here is my mbam logfile:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3937

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/03/2010 18.40.11
mbam-log-2010-03-31 (18-40-11).txt

Scan type: Quick scan
Objects scanned: 98909
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks
Bye

7
Tech Clinic / Problems with my internet connection and AV7
« on: March 31, 2010, 11:18:42 AM »
Ok. I did it without logging in as administrator.

I copied/pasted your instructions and, as I clicked on Scan Fix, this pop-up appeared:
"Cannot create file C:\WINDOWS\system32\drivers\etc\Hosts" and "Ok". I clicked on "Ok".

The scan ran, but it didn't reboot, so I rebooted manually.
After the reboot, OTL.exe didn't start running automatically.

Here is the logfile I found when I opened OTL.exe:

All processes killed
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 local.subssearch.com> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (njfjxf.dll) - File not found> in the current context!
Error: Unable to interpret <O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) - File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe> in the current context!
Error: Unable to interpret <[2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job> in the current context!
Error: Unable to interpret <[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini> in the current context!
Error: Unable to interpret <[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini> in the current context!
Error: Unable to interpret <[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini> in the current context!
Error: Unable to interpret <[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini> in the current context!
Error: Unable to interpret <[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini> in the current context!
Error: Unable to interpret <[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini> in the current context!
Error: Unable to interpret <[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2> in the current context!
Error: Unable to interpret <[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini> in the current context!
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\SetupWizard.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\NavBrowser.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programmi\TorrentsDownloadBin\SubsSearch.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SetupWizard.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 402 bytes
 
User: Giorgia
 
User: LocalService
 
User: NetworkService
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
%systemroot%\System32 .tmp files removed: 60 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 03312010_175544

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And here is the logfile I made after the reboot (Run Scan):

OTL logfile created on: 31/03/2010 18.06.20 - Run 3
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 60,00% Memory free
618,00 Mb Paging File | 355,00 Mb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,49 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 05.17.45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jucheck.exe
PRC - [2009/03/12 20.09.20 | 000,545,792 | R--- | M] (Lingea s.r.o.) -- C:\Programmi\Lingea\Collins COBUILD\lexicon.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www2.iesearch.com/
 
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2009/06/03 19.57.08 | 000,000,804 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1     local.subssearch.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (njfjxf.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/31 17.52.20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/03/31 18.00.17 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/03/31 18.00.01 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
[2010/03/31 17.59.20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 17.58.06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 17.58.02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 17.57.59 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 17.56.39 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/03/31 17.56.39 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/03/31 17.56.09 | 005,324,756 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/31 17.41.44 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/31 12.38.07 | 058,313,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2010/03/02 19.23.03 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >

That's all.

Now I download Malwarebytes' Anti-Malware.

Thanks.
Bye

8
Tech Clinic / Problems with my internet connection and AV7
« on: March 31, 2010, 06:07:51 AM »
Sorry, but I can't log into OTL.exe as administrator. I think I need the password...I don't have it or don't remember it.

Bye

9
Tech Clinic / Problems with my internet connection and AV7
« on: March 29, 2010, 05:36:39 AM »
Oh, I've forgotten to tell you that since this morning - when the connection falls - I can't find the tool 'diagnostica connessioni di rete' on the Internet Explorer page... so I have to leave Outlook open to have my normal internet connection.

Thanks
Bye

P.S. 'diagnostica connessioni di rete' in English should be 'diagnostic network connection'... I suppose.

10
Tech Clinic / Problems with my internet connection and AV7
« on: March 29, 2010, 02:57:53 AM »
Here is the first log, OTL:

OTL logfile created on: 29/03/2010 9.34.45 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 129,00 Mb Available Physical Memory | 50,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,42 Gb Free Space | 71,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www2.iesearch.com/
 
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2009/06/03 19.57.08 | 000,000,804 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1     local.subssearch.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (njfjxf.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/08 01.37.53 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Unable to start service SrService!
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/03/29 09.30.10 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 17.16.25 | 000,000,000 | ---D | C] -- C:\Programmi\AV7
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/29 09.23.58 | 058,189,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 09.18.11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
[2010/03/29 09.16.34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 09.16.27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 09.16.24 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 19.19.46 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/03/28 19.19.46 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 17.53.15 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HijackThis.msi
[2010/03/28 16.11.07 | 004,793,312 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 15.28.47 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2010/03/02 19.23.03 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 17.53.12 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HijackThis.msi
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS  >[/color]
[2004/08/19 16.50.30 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/19 16.50.30 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 16.39.10 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL  >[/color]
[2004/08/19 16.39.22 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll
 
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 16.39.26 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav  >[/color]
[2009/01/08 02.24.14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/08 02.24.14 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/08 02.24.14 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=\"#A23BEC\"]<  >[/color]
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >



Here is the second log, EXTRAS:

OTL Extras logfile created on: 29/03/2010 9.34.45 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 129,00 Mb Available Physical Memory | 50,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,42 Gb Free Space | 71,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\SetupWizard.exe" = D:\SetupWizard.exe:*:Enabled:SetupWizard -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" = C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Programmi\TorrentsDownloadBin\SubsSearch.exe" = C:\Programmi\TorrentsDownloadBin\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe -- File not found
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\SetupWizard.exe" = D:\SetupWizard.exe:*:Enabled:SetupWizard -- File not found
"C:\Programmi\AVG\AVG9\avgupd.exe" = C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgnsx.exe" = C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(tm) 6 Update 17
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{AC76BA86-7AD7-1040-7B44-A90000000001}" = Adobe Reader 9 - Italiano
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{DDC5AF8D-A320-4A8C-805D-9063C6352127}" = Installazione Guidata Alice ADSL
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"0OT_rj22QBTg-" = LoudMo Contextual Ad Assistant
"Access Gateway USB" = Access Gateway USB
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AliceRE.MCCInstall" = Alice ti aiuta
"AVG9Uninstall" = AVG Free 9.0
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Collins COBUILD 3.0" = Collins COBUILD on CD-ROM
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software per stampante EPSON
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 04/10/2009 10.15.12 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.13 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.15 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.15 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 07/10/2009 13.18.36 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.762, indirizzo
 errore 0x00008a8c.
 
Error - 22/10/2009 3.39.33 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3
 outlook.exe, P4 12.0.4518.1014, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 28/10/2009 12.34.27 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore avgssie.dll, versione 8.5.0.405, indirizzo errore
 0x00005d27.
 
Error - 01/11/2009 9.05.14 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x000d0dcc.
 
Error - 01/11/2009 9.06.25 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x000d0dcc.
 
Error - 04/11/2009 4.52.00 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x00240b3d.
 
[ OSession Events ]
Error - 23/02/2009 14.48.19 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22/03/2009 7.59.01 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19/03/2010 9.53.26 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio avg8wd.
 
Error - 19/03/2010 14.33.48 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 22/03/2010 6.50.37 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 26/03/2010 7.05.26 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 28/03/2010 9.26.52 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1053" durante il tentativo di avviare
il servizio iPod Service con gli argomenti ""  per eseguire il server   {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 28/03/2010 9.27.37 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
 servizio Servizio iPod.
 
Error - 28/03/2010 9.27.37 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio iPod non è stato avviato per il seguente errore:
   %%1053
 
Error - 28/03/2010 11.19.23 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 28/03/2010 11.27.13 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010
Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato
 con DCOM entro il tempo d'attesa richiesto.
 
Error - 28/03/2010 11.27.44 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010
Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato
 con DCOM entro il tempo d'attesa richiesto.
 
 
< End of report >

11
Tech Clinic / Problems with my internet connection and AV7
« on: March 28, 2010, 11:36:49 AM »
Hi, I have a couple of problems with my pc.

First of all AV7 installed automatically this morning, but I think I've managed to uninstall it through my hijack logfile...

Secondly, my internet connection has been running strangely for a couple of months. I manage to surf the net, but sometimes - by itself - the connection falls down and automatically goes off line. The connection pop-up appears, but I can't connect from there, so I have to go to the Internet Explorer page, tools, uncheck the 'off line' and do a sort of scan...it is called "diagnostica connessione di rete", in Italian...and then everything gets back to normal.

This is my hijack log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18.25.15, on 28/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\AVG\AVG9\avgui.exe
C:\Programmi\AVG\AVG9\avgscanx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\system32\pmnoPhed.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S6C.tmp"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231415365683
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} (PointWorld) - http://www.pointworld.kr/ocx/PointWorldXZ.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: njfjxf.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7218 bytes


Thanks

12
Tech Clinic / Computer running slow
« on: August 28, 2008, 11:08:12 AM »
Sorry for the delay, but I was on vacation...

Link to the scan logfile

http://www.virustotal.com/it/analisis/2c825ac2d8baec3e8e21d44058dd30ec

But, in any case, this is the result:

File _ntimaxp.gif ricevuto il 2008.08.28 18:24:35 (CET)
Risultato: 27/33 (81.82%)

Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.8.29.0 2008.08.28 Win-Trojan/Rkdice.124324
AntiVir 7.8.1.23 2008.08.28 TR/RKDice.A
Authentium 5.1.0.4 2008.08.28 W32/RKDice.A
Avast 4.8.1195.0 2008.08.28 Win32:RKDice
AVG 8.0.0.161 2008.08.28 Generic.YME
BitDefender 7.2 2008.08.28 Trojan.RKDice.A
CAT-QuickHeal 9.50 2008.08.26 Trojan.RKDice.a
ClamAV 0.93.1 2008.08.28 Trojan.RkDice-1
DrWeb 4.44.0.09170 2008.08.28 Win32.HLLW.SpyBot
eSafe 7.0.17.0 2008.08.27 -
eTrust-Vet 31.6.6054 2008.08.28 Win32/Stresid.AT
Ewido 4.0 2008.08.28 -
F-Prot 4.4.4.56 2008.08.28 W32/RKDice.A
F-Secure 7.60.13501.0 2008.08.28 Trojan.Win32.RKDice.a
Fortinet 3.14.0.0 2008.08.28 W32/RKDice.A!tr
GData 19 2008.08.28 Trojan.Win32.RKDice.a
Ikarus T3.1.1.34.0 2008.08.28 Trojan.Win32.RKDice.a
K7AntiVirus 7.10.428 2008.08.25 Trojan.Win32.RKDice.a
Kaspersky 7.0.0.125 2008.08.28 Trojan.Win32.RKDice.a
McAfee 5372 2008.08.28 -
Microsoft 1.3807 2008.08.25 Backdoor:Win32/Rkdice.A
NOD32v2 3396 2008.08.28 Win32/RKDice.A
Panda 9.0.0.4 2008.08.27 Trj/RKDice.A
PCTools 4.4.2.0 2008.08.28 Trojan.RKDice.A
Prevx1 V2 2008.08.28 Rootkit
Rising 20.59.31.00 2008.08.28 Trojan.RKDice.b
Sophos 4.33.0 2008.08.28 Troj/RKDice-Fam
Sunbelt 3.1.1582.1 2008.08.26 -
TheHacker 6.3.0.6.064 2008.08.27 Trojan/RKDice.a
TrendMicro 8.700.0.1004 2008.08.28 -
ViRobot 2008.8.28.1353 2008.08.28 -
VirusBuster 4.5.11.0 2008.08.28 Trojan.RKDice.A
Webwasher-Gateway 6.6.2 2008.08.28 Trojan.RKDice.A
Informazioni addizionali
File size: 124531 bytes
MD5...: de114af81889fb4ca2b97192ab068554
SHA1..: 3c431d647f7ed7e48de9e63d8cd035a1d4f7ebe1
SHA256: 4e2b3b6b777afdcd1b4ea7c9104678b099546458024daae12c6187b6213247b3
SHA512: 7db980b16e7be01ea2e95a177cd07e3145a0c4a3a0049fb3672664920abb8e11d9dcbcdf16f05f1d54bbfe3ae17fb3afa77d596bd6e9ef45e02606bee414184f
PEiD..: -
TrID..: File type identification
Clipper DOS Executable (33.3%)
Generic Win/DOS Executable (33.0%)
DOS Executable Generic (33.0%)
VXD Driver (0.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x3ee83268
timedatestamp.....: 0x0 (Thu Jan 01 00:00:00 1970)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x154a3 0x15600 6.31 dcd0a63f7c3da347808fbdf171ee9433
.data 0x17000 0x3d12 0x3800 6.29 86d348928156335af3689f840ac766b4
.reloc 0x1b000 0x3048 0x3200 6.55 0196fdaa8682110c76516bf5c9b5e2e9

( 1 imports )
> KERNEL32.dll: RtlUnwind, GetModuleHandleA

( 3 exports )
upzpcnyjlhjtz, zqdedfmggplphcheiww, zttfydztmnqvwrgtulcjy
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp...C0584003BD6CD4A


About Avast!...Yes, I did what you told me about starting on Access Protections

Thank you and Bye
Jo

13
Tech Clinic / Computer running slow
« on: August 11, 2008, 07:05:55 AM »
ComboFix logfile:


ComboFix 08-08-10.04 - Giorgia 2008-08-11 14.09.18.5 - NTFSx86
Eseguito da: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((((((((((((   Files Creati Da 2008-07-11 al 2008-08-11  )))))))))))))))))))))))))))))))))))
.

2008-08-11 12:41 . 2008-08-11 12:41   <DIR>   d--------   C:\WINDOWS\LastGood
2008-08-09 13:21 . 2008-08-10 13:24   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-08-09 13:21 . 2008-08-09 13:21   1,409   --a------   C:\WINDOWS\QTFont.for
2008-08-08 12:56 . 2008-08-11 12:42   <DIR>   d--------   C:\Programmi\EsetOnlineScanner
2008-08-07 09:29 . 2008-08-07 09:29   <DIR>   d--------   C:\_OTMoveIt
2008-08-06 12:40 . 2008-08-06 12:45   <DIR>   d--------   C:\Programmi\SpywareBlaster
2008-08-04 20:18 . 2008-08-04 20:18   <DIR>   d--------   C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02   <DIR>   d--------   C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31   <DIR>   d--------   C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a------   C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10   <DIR>   d--------   C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:19 . 2008-07-31 11:19   578,048   --a--c---   C:\WINDOWS\system32\dllcache\user32.dll
2008-07-29 18:09 . 2008-07-29 18:09   <DIR>   d--------   C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59   272,768   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51   <DIR>   d--------   C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41   25,984   --a------   C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28   <DIR>   d--------   C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-11 14:13   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--------   C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58   <DIR>   d--------   C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\blg

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-09 16:02   ---------   d-----w   C:\Programmi\CleanUp!
2008-08-07 09:16   ---------   d-----w   C:\Programmi\eMule
2008-08-06 10:50   ---------   d---a-w   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12   ---------   d-----w   C:\Programmi\Java
2008-08-01 13:49   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51   ---------   d-----w   C:\Programmi\Alice ti aiuta
2008-07-28 13:59   ---------   d-----w   C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-01 10:35   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59   272,768   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2005-09-05 07:39   19,544   ----a-w   C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00   5,547,008   ----a-w   C:\Programmi\pspf.msi
.

(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Giorgia\Dati applicazioni\Mozilla\Firefox\Profiles\iaehvn8b.default\


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 14:14:58
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\:ntimaxp.gif 124531 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
Ora fine scansione: 2008-08-11 14:24:15
ComboFix-quarantined-files.txt  2008-08-11 12:24:04

Pre-Run: 26,828,345,344 byte disponibili
Post-Run: 27,052,310,528 byte disponibili

132   --- E O F ---   2008-07-29 16:44:35


thanx
bye

14
Tech Clinic / Computer running slow
« on: August 11, 2008, 06:40:07 AM »
Eset Online Scanner log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3345 (20080811)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=a94d4b6b64672f41a87c0dce345bb83a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-11 11:58:06
# local_time=2008-08-11 01:58:06 (+0100, ora legale Europa occidentale)
# country="Italy"
# osver=5.1.2600 NT Service Pack 2
# scanned=242394
# found=0
# scan_time=4517


Bye

15
Tech Clinic / Computer running slow
« on: August 07, 2008, 02:40:14 AM »
This is the logfile from OTMoveIt2:

File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.
File/Folder C:\Programmi\7788xyx not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08072008_092949

Files moved on Reboot...
File move failed. C:\:ntimaxp.gif scheduled to be moved on reboot.

As for Avast, I mean... I ran a complete scan and while doing it, a big grey box appeared saying "Trojan Horse", asking me to erase it/put it in bin etc etc. I clicked on cancel/erase...

About Avast!
Version 4.8 Home edition
Version Jul2008 (4.8.1229)
Xtreme Toolkit version 1.9.4.0
Use version ActiveSkin 4.2.7.3

VPS file (virus archive)
Compilation date: 06/08/2008
Version file: 080806-0

Registration key
Update expiration date: Sunday 1 March 2009


The little red shield is still here; when I click on it, it opens "Windows Secure Centre" (I hope it's the right translation)...
Firewall is activated; Automatic Updates are blocked (I decide which and when to download them) and Protection from virus is not activated.
What do I have to do?

Thank you
Bye

16
Tech Clinic / Computer running slow
« on: August 06, 2008, 10:18:50 AM »
Oh, one more thing...
There are two little shields at the bottom-right part of my desktop... on the lower bar. One is yellow and I know what it means (It is against Microsoft automatic updates. I don't want them because my XP is given by a friend of mine/cracked). The red shield is the problem, I've never seen it before and when I click on it, it says that avast! antivirus is not activated...

What do I have to do? Is it a problem?
I've just run an avast scan, and it cancelled a trojan horse.

That's all...
Thank you again.

17
Tech Clinic / Computer running slow
« on: August 06, 2008, 05:43:09 AM »
Well...Let's start...

1. I found only this folder > C:\Programmi\temp01, not this > C:\Programmi\7788xyx

2. Everything ok with ComboFix /u and OTMoveIt2.exe

3. I did everything you told me with SpywareBlaster, but I didn't find "Check for updates every couple of weeks" (maybe it is only advice for me?!?)

4. I think/hope AVAST is running as it has to, and I occasionally do some scans (HijackThis, Avast, etc.)

5. And last, this is the logfile from Hijackthis (addspy):

C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 05816AFA  (112 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 0A73A758  (99 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 1D6686D8  (126 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2615E8F1  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 2A81F9CE  (97 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3B3A35EC  (129 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 3CD562B4  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 426796C0  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4CF61E54  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4D066AD2  (108 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 4F636E25  (127 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 507C73B7  (114 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34  (120 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5F1019FF  (113 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 69FD6BF0  (104 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 6FA38600  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 723E56EC  (106 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 7FC64998  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 89E1BAF5  (121 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 8B51CAAE  (122 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 949483BD  (117 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 9FE30AB2  (100 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : A6346EE9  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B19CC382  (111 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : B56AB4D2  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : BEA1F887  (101 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : CB0EB1DE  (125 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D8A7F3FF  (98 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : D994162E  (94 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : E71141D2  (107 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EB603FE4  (110 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : EF794BCD  (115 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : F67AAFC5  (109 bytes)
C:\Documents and Settings\Giorgia : zylomtest  (0 bytes)
C:\Documents and Settings\Giorgia : zylomtr{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VV4}  (14 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTJ}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU5}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUT}  (17 bytes)
C:\Documents and Settings\Giorgia : zylomtr{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVTR}  (18 bytes)


That's all...
Thank you

18
Tech Clinic / Computer running slow
« on: August 05, 2008, 01:49:46 AM »
ComboFix logfile:


ComboFix 08-08-04.01 - Giorgia 2008-08-05  8.44.16.4 - NTFSx86
Eseguito da: C:\Documents and Settings\Giorgia\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Giorgia\Desktop\CFScript.txt

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

(((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\#SharedObjects\K9VWWD3V\interclick.com\ud.sol
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Giorgia\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\smdat32m.sys

.
(((((((((((((((((((((((((   Files Creati Da 2008-07-05 al 2008-08-05  )))))))))))))))))))))))))))))))))))
.

2008-08-04 20:18 . 2008-08-04 20:18   <DIR>   d--------   C:\Documents and Settings\Giorgia\Saved Games
2008-08-04 20:02 . 2008-08-04 20:02   <DIR>   d--------   C:\Programmi\LeeGTs Games
2008-08-04 18:09 . 2008-08-04 18:09   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Amaranth Games
2008-08-04 17:31 . 2008-08-04 17:31   <DIR>   d--------   C:\Programmi\PlayFirst
2008-08-04 16:33 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\i2omgmt.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a------   C:\WINDOWS\system32\drivers\changer.sys
2008-08-04 16:32 . 2004-08-04 08:00   8,192   --a--c---   C:\WINDOWS\system32\dllcache\changer.sys
2008-08-04 16:12 . 2008-06-10 02:32   73,728   --a------   C:\WINDOWS\system32\javacpl.cpl
2008-08-04 16:10 . 2008-08-04 16:10   <DIR>   d--------   C:\Programmi\File comuni\Java
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Programmi\Malwarebytes' Anti-Malware
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-08-01 13:01   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-01 13:01 . 2008-07-30 20:07   38,472   --a------   C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-01 13:01 . 2008-07-30 20:07   17,144   --a------   C:\WINDOWS\system32\drivers\mbam.sys
2008-07-31 11:52 . 2008-07-31 11:52   <DIR>   d--------   C:\Deckard
2008-07-31 11:19 . 2008-07-31 11:19   578,048   --a--c---   C:\WINDOWS\system32\dllcache\user32.dll
2008-07-30 14:14 . 2008-07-30 14:14   <DIR>   d--------   C:\SDFix
2008-07-29 18:09 . 2008-07-29 18:09   <DIR>   d--------   C:\Programmi\MSXML 4.0
2008-07-29 16:02 . 2008-06-14 19:59   272,768   -----c---   C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-29 15:51 . 2008-07-29 15:51   <DIR>   d--------   C:\Programmi\Pirelli
2008-07-29 15:44 . 2004-10-05 18:41   25,984   --a------   C:\WINDOWS\system32\drivers\CnxTrLan.sys
2008-07-29 13:28 . 2008-07-29 13:28   <DIR>   d--------   C:\Programmi\Motive
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di stampa
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Risorse di rete
2008-07-28 18:58 . 2008-07-28 19:00   <DIR>   d--------   C:\Documents and Settings\Administrator\Preferiti
2008-07-28 18:58 . 2004-07-05 20:35   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Modelli
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-------   C:\Documents and Settings\Administrator\Menu Avvio
2008-07-28 18:58 . 2008-08-05 08:48   <DIR>   d--h-----   C:\Documents and Settings\Administrator\Impostazioni locali
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   d--------   C:\Documents and Settings\Administrator\Documenti
2008-07-28 18:58 . 2004-07-05 21:25   <DIR>   dr-h-----   C:\Documents and Settings\Administrator\Dati applicazioni
2008-07-28 18:58 . 2008-07-28 18:58   <DIR>   d--------   C:\Documents and Settings\Administrator
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\Ludia
2008-07-28 15:59 . 2008-07-28 15:59   <DIR>   d--------   C:\Documents and Settings\All Users\Dati applicazioni\blg
2008-07-28 15:58 . 2008-07-28 15:58   <DIR>   d--------   C:\WINDOWS\Supermarket Mania
2008-07-15 19:50 . 2008-07-15 19:50   <DIR>   d--------   C:\Documents and Settings\Giorgia\Dati applicazioni\blg

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-04 17:44   ---------   d-----w   C:\Programmi\eMule
2008-08-04 16:18   ---------   d---a-w   C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-08-04 15:31   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\PlayFirst
2008-08-04 14:12   ---------   d-----w   C:\Programmi\Java
2008-08-01 13:49   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 12:23   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-07-29 16:44   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-07-29 13:51   ---------   d-----w   C:\Programmi\Alice ti aiuta
2008-07-28 14:13   ---------   d-----w   C:\Programmi\CleanUp!
2008-07-28 13:59   ---------   d-----w   C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 13:59   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 11:11   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-28 11:09   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\PlayFirst
2008-07-15 17:43   0   ----a-w   C:\Programmi\temp01
2008-07-01 10:35   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\FreshGames
2008-06-30 11:01   ---------   d-----w   C:\Documents and Settings\All Users\Dati applicazioni\Fitn17
2008-06-20 17:39   247,296   ----a-w   C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45   360,320   ----a-w   C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44   138,368   ----a-w   C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52   225,920   ----a-w   C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59   272,768   ------w   C:\WINDOWS\system32\drivers\bthport.sys
2008-05-07 05:14   1,292,800   ----a-w   C:\WINDOWS\system32\quartz.dll
2005-09-05 07:39   19,544   ----a-w   C:\Documents and Settings\Giorgia\Dati applicazioni\GDIPFONTCACHEV1.DAT
2004-11-22 16:00   5,547,008   ----a-w   C:\Programmi\pspf.msi
.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Programmi\7788xyx ----

         C:\Programmi\7788xyx\

---- Directory of C:\Programmi\temp01 ----

         C:\Programmi\temp01\


(((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2005-06-24 14:08 860160]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SWHelper"="C:\WINDOWS\system32\Macromed\Shockwave 10\PostUpdate.exe" [2008-08-04 17:01 53248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2005-06-29 15:29 176128]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 05:05 74752]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [2005-06-07 11:31 819712]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-05-09 10:44:23 110592]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-08-30 09:50:07 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-12-29 17:01:45 118784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
.
Contenuto della cartella 'Scheduled Tasks'

2008-06-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-MsnMsgr - C:\Programmi\MSN Messenger\MsnMsgr.Exe
HKLM-Run-Cmaudio - cmicnfg.cpl


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 08:48:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


C:\:ntimaxp.gif 124531 bytes executable


**************************************************************************
.
Ora fine scansione: 2008-08-05  8:55:26
ComboFix-quarantined-files.txt  2008-08-05 06:54:22

Pre-Run: 25,608,318,976 byte disponibili
Post-Run: 25,889,759,232 byte disponibili

144   --- E O F ---   2008-07-29 16:44:35



That's all...
Well, could you tell me - at the end of our work - which of the programs you told me to download I can erase?
When can I enable Avast again, and is my antivirus system OK?

Thank you
Joy

19
Tech Clinic / Computer running slow
« on: August 04, 2008, 09:00:18 AM »
DSS last main.txt logfile:

Deckard's System Scanner v20071014.68
Run by Giorgia on 2008-08-04 16:15:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color="red"]Total Physical Memory: 256 MiB (512 MiB recommended).[/color]


-- HijackThis (run as Giorgia.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.15.55, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Giorgia\Desktop\dss.exe
C:\HIJACK~1\Giorgia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5728 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-04 16:10:32         0 d-------- C:\Programmi\File comuni\Java
2008-08-01 15:47:22         0 d-------- C:\Programmi\7788xyx
2008-08-01 13:01:05         0 d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-07-29 18:09:01         0 d-------- C:\Programmi\MSXML 4.0
2008-07-29 15:51:23         0 d-------- C:\Programmi\Pirelli
2008-07-29 13:28:27         0 d-------- C:\Programmi\Motive
2008-07-28 16:42:01   6553600 --a------ C:\Documents and Settings\Giorgia\ntuser.dat
2008-07-28 15:58:58         0 d-------- C:\WINDOWS\Supermarket Mania
2008-07-15 19:43:01         0 --a------ C:\Programmi\temp01


-- Find3M Report ---------------------------------------------------------------

2008-08-04 16:12:51         0 d-------- C:\Programmi\Java
2008-08-04 16:10:32         0 d-------- C:\Programmi\File comuni
2008-08-04 11:26:07         0 d-------- C:\Programmi\eMule
2008-08-01 15:49:19      1632 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-08-01 15:49:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Gaijin Ent
2008-08-01 14:23:51         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SolidDocuments
2008-08-01 13:01:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
2008-07-29 18:11:54    450358 --a------ C:\WINDOWS\system32\perfh010.dat
2008-07-29 18:11:54     75186 --a------ C:\WINDOWS\system32\perfc010.dat
2008-07-29 15:51:00         0 d-------- C:\Programmi\Alice ti aiuta
2008-07-28 15:59:38         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\SpinTop
2008-07-28 15:59:32         0 d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-28 15:59:19         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Youdagames
2008-07-28 15:59:01         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\ITTNord
2008-07-28 13:11:39         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\AdobeUM
2008-07-28 13:09:33         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\Alawar
2008-07-22 16:42:26      1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-15 19:50:04         0 d-------- C:\Documents and Settings\Giorgia\Dati applicazioni\blg


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [19/07/2008 16.38]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [25/10/2006 19.58]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [29/06/2005 15.29]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [30/10/2006 10.36]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00.47]
"EPSON Stylus C62 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [01/07/2002 05.05]
"DataLayer"="C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe" [07/06/2005 11.31]
"Cmaudio"="cmicnfg.cpl" []
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [10/06/2008 04.27]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [24/06/2005 14.08]
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [20/08/2004 00.39]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [09/05/2005 10.44.23]
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [30/08/2005 9.50.07]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/04/2008 3.38.16]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [29/12/2006 17.01.45]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-08-04 16:16:23 ------------



Everything is running well.
Thank you

20
Tech Clinic / Computer running slow
« on: August 01, 2008, 07:15:04 AM »
Here is the log file of Malwarebytes:


Malwarebytes' Anti-Malware 1.24
Versione del database: 1014
Windows 5.1.2600 Service Pack 2

14.30.17 01/08/2008
mbam-log-8-1-2008 (14-30-16).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 94985
Tempo trascorso: 1 hour(s), 27 minute(s), 15 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 41
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 4

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\Interface\{bd219b90-626b-40f4-bfdd-420240dfca2c} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{49bcc77a-79eb-4d50-a6db-04e8202921c4} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\adzgalore.optimizer.1 (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1037b06c-84b7-4240-8d80-485810a0497d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{54b287f9-fd90-4457-b65e-cb91560c021d} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e4c7afc-9915-4036-b7f9-8b3f1710788f} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{450b9e4d-4014-4de3-b34e-014a81468293} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c7f00a9a-f1bc-436e-82c7-e8cae6fd67f7} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pornpro.pornpro_bho.1 (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adssite (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\adzgalore (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D8D61582-A32E-4FC7-B9FB-F25421AFB0AB}\RP311\A0123325.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Cursors\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.



Fresh HijackThis logfile:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.34.54, on 01/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Programmi\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{346CE3E6-CEFF-487D-8062-41622532CFC9}: NameServer = 212.216.172.62,212.216.172.162
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E23121B-051B-4265-97D3-DE26F9093EA0}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

--
End of file - 5450 bytes


Hope I've posted everything you need...
Bye and Thanx
