« previous next »
Pages: [1]

Author Topic: Problems with my internet connection and AV7  (Read 1845 times)

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« on: March 28, 2010, 11:36:49 AM »
Hi, I have a couple of problems with my pc.

First of all AV7 installed automatically this morning, but I think I've managed to uninstall it through my hijack logfile...

Secondly, my internet connection has been running strangely for a couple of month. I manage to surf the net, but sometimes - by itself - the connection falls down and get automatically off line. The connection pop-up appears, but I can't connect from there, so I have to go to Internet Explorer page, tools, uncheck the 'off line' and do a sort of scan...it is called "diagnostica connessione di rete", in italian...and then everythig gets normal.

This is my hijack log:

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 18.25.15, on 28/03/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\AVG\AVG9\avgui.exe
C:\Programmi\AVG\AVG9\avgscanx.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe
C:\Programmi\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\system32\pmnoPhed.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
O4 - HKLM\..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S6C.tmp"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1231415365683
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} (igLoader Content on Demand) - http://www.miniclip.com/igloader/igloader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} (PointWorld) - http://www.pointworld.kr/ocx/PointWorldXZ.ocx
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: njfjxf.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Programmi\AVG\AVG9\avgwdsvc.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe

--
End of file - 7218 bytes


Thaks
« Last Edit: March 28, 2010, 11:39:06 AM by joy »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #1 on: March 28, 2010, 12:28:22 PM »
Hi again Joy, I'm out of town at the moment
But I'll try and help with what I can from here
Can you do the following for me please
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Under the Custom Scan box paste this in, the contents in Blue
[color=\"#0000FF\"]netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav [/color]


  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

NOTE: If you have trouble, or an error message trying to post the logs
Can you upload it to a reply box
In a Reply, select "Browse..." on the bottom right and then navigate to the file and select it
Then click "Upload"
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #2 on: March 29, 2010, 02:57:53 AM »
Here the first log, OTL:

OTL logfile created on: 29/03/2010 9.34.45 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 129,00 Mb Available Physical Memory | 50,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,42 Gb Free Space | 71,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www2.iesearch.com/
 
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2009/06/03 19.57.08 | 000,000,804 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1     local.subssearch.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (njfjxf.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/01/08 01.37.53 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Unable to start service SrService!
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/03/29 09.30.10 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 17.16.25 | 000,000,000 | ---D | C] -- C:\Programmi\AV7
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/03/29 09.30.10 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/29 09.23.58 | 058,189,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/29 09.18.11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
[2010/03/29 09.16.34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 09.16.27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 09.16.24 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/28 19.19.46 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/03/28 19.19.46 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 17.53.15 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HijackThis.msi
[2010/03/28 16.11.07 | 004,793,312 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/28 15.28.47 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2010/03/02 19.23.03 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 17.53.12 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HijackThis.msi
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
[color=\"#E56717\"]========== Custom Scans ==========[/color]
 
 
[color=\"#A23BEC\"]< %SYSTEMDRIVE%\*.exe >[/color]
 
 
[color=\"#A23BEC\"]< MD5 for: AGP440.SYS  >[/color]
[2004/08/19 16.50.30 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=\"#A23BEC\"]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/19 16.50.30 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/01/08 14.26.20 | 023,892,987 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=\"#A23BEC\"]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/19 16.39.10 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=\"#A23BEC\"]< MD5 for: NETLOGON.DLL  >[/color]
[2004/08/19 16.39.22 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\system32\netlogon.dll
 
[color=\"#A23BEC\"]< MD5 for: SCECLI.DLL  >[/color]
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\system32\scecli.dll
[2004/08/19 16.39.26 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=\"#A23BEC\"]< %systemroot%\*. /mp /s >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=\"#A23BEC\"]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=\"#A23BEC\"]< %systemroot%\System32\config\*.sav  >[/color]
[2009/01/08 02.24.14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/01/08 02.24.14 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/01/08 02.24.14 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=\"#A23BEC\"]<  >[/color]
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >



Here the second log, EXTRAS:

OTL Extras logfile created on: 29/03/2010 9.34.45 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 129,00 Mb Available Physical Memory | 50,00% Memory free
618,00 Mb Paging File | 359,00 Mb Available in Paging File | 58,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,42 Gb Free Space | 71,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== File Associations ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[color=\"#E56717\"]========== Shell Spawning ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programmi\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=\"#E56717\"]========== Security Center Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
[color=\"#E56717\"]========== Authorized Applications List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\SetupWizard.exe" = D:\SetupWizard.exe:*:Enabled:SetupWizard -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" = C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\iTunes\iTunes.exe" = C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser -- File not found
"C:\Programmi\TorrentsDownloadBin\SubsSearch.exe" = C:\Programmi\TorrentsDownloadBin\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe -- File not found
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\SetupWizard.exe" = D:\SetupWizard.exe:*:Enabled:SetupWizard -- File not found
"C:\Programmi\AVG\AVG9\avgupd.exe" = C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgnsx.exe" = C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
 
 
[color=\"#E56717\"]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(tm) 6 Update 17
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (Italian) 12
"{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007
"{AC76BA86-7AD7-1040-7B44-A90000000001}" = Adobe Reader 9 - Italiano
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{DDC5AF8D-A320-4A8C-805D-9063C6352127}" = Installazione Guidata Alice ADSL
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"0OT_rj22QBTg-" = LoudMo Contextual Ad Assistant
"Access Gateway USB" = Access Gateway USB
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AliceRE.MCCInstall" = Alice ti aiuta
"AVG9Uninstall" = AVG Free 9.0
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Collins COBUILD 3.0" = Collins COBUILD on CD-ROM
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = Software per stampante EPSON
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR gestione archivi
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
[color=\"#E56717\"]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
[color=\"#E56717\"]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 04/10/2009 10.15.12 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.13 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.15 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 04/10/2009 10.15.15 | Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo
 in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
 
Error - 07/10/2009 13.18.36 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.762, indirizzo
 errore 0x00008a8c.
 
Error - 22/10/2009 3.39.33 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 | ID = 5000
Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3
 outlook.exe, P4 12.0.4518.1014, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
 
Error - 28/10/2009 12.34.27 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore avgssie.dll, versione 8.5.0.405, indirizzo errore
 0x00005d27.
 
Error - 01/11/2009 9.05.14 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x000d0dcc.
 
Error - 01/11/2009 9.06.25 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x000d0dcc.
 
Error - 04/11/2009 4.52.00 | Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762,
 modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore
 0x00240b3d.
 
[ OSession Events ]
Error - 23/02/2009 14.48.19 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 22/03/2009 7.59.01 | Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 122
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 19/03/2010 9.53.26 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7011
Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione
 dal servizio avg8wd.
 
Error - 19/03/2010 14.33.48 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 22/03/2010 6.50.37 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 26/03/2010 7.05.26 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 28/03/2010 9.26.52 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1053" durante il tentativo di avviare
il servizio iPod Service con gli argomenti ""  per eseguire il server   {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 28/03/2010 9.27.37 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 millisecondi) durante l'attesa della connessione del
 servizio Servizio iPod.
 
Error - 28/03/2010 9.27.37 | Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7000
Description = Il servizio Servizio iPod non è stato avviato per il seguente errore:
   %%1053
 
Error - 28/03/2010 11.19.23 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
Error - 28/03/2010 11.27.13 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010
Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato
 con DCOM entro il tempo d'attesa richiesto.
 
Error - 28/03/2010 11.27.44 | Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010
Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato
 con DCOM entro il tempo d'attesa richiesto.
 
 
< End of report >
Logged

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #3 on: March 29, 2010, 05:36:39 AM »
Oh,I've forgot to tell you that from this morning - when the connection falls - I can't find the tool 'diagnostica connessioni di rete' on the internet explorer page...so I have to leave outlook open to have my normal internet connection.

Thanks
Bye

P.S 'diagnostica connessioni di rete' in english should be 'diagnostic network connection'...I suppose.
« Last Edit: March 29, 2010, 05:40:25 AM by joy »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #4 on: March 30, 2010, 10:56:13 PM »
Just got back home, so I should be able to help out a bit more now

Can you please do the following
If possible, close down all browser windows and uninstall the following
LoudMo Contextual Ad Assistant

Carry on with the following:
Right click on OTL.exe and choose to "Run as Administrator"
  • Under the [color=\"#0000FF\"]Custom Scans/Fixes[/color] box at the bottom, copy/paste in the following in the quote box below. don't include the word Quote please
    Quote
    :OTL
    IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
    O1 - Hosts: 127.0.0.1 local.subssearch.com
    O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O20 - AppInit_DLLs: (njfjxf.dll) - File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) - File not found
    O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
    O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
    O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
    [2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
    [2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
    [2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
    [2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
    [2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
    [2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
    [2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
    [2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
    [2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "D:\SetupWizard.exe"=-

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\Temp\NavBrowser.exe"=-
    "C:\Programmi\TorrentsDownloadBin\SubsSearch.exe"=-
    "D:\SetupWizard.exe"=-
    :Files
    :Commands
    [EmptyTemp]
    [Reboot]

  • Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
  • Let the program run unhindered, reboot the PC when it is done

On startup, Allow OTL to run if prompted
A log should open, can you post it please
A copy of this log can also be found in
C:\_OTL\Moved Files folder

In addition:
download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
       
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
       
  • Make sure that everything is checked, and click Remove Selected.
        * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
       
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #5 on: March 31, 2010, 06:07:51 AM »
Sorry, but I can't log into OTL.exe as administrator. I think I need the password...I don't have it or don't remember it.

Bye
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #6 on: March 31, 2010, 08:57:18 AM »
Just run it normally
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #7 on: March 31, 2010, 11:18:42 AM »
Ok.I did it without log in as administrator.

I copied/pasted your instructions and, as I clicked on Scan Fix, appeared this pop-up:
"Cannot create file C:\WINDOWS\system32\drivers\etc\Hosts" and "Ok". I clicked on "Ok".

The scan run, but didn't reboot, so I did reboot manually.
OTL.exe after reboot didn't start running automatically.

Here the logfile I found as I opened OTL.exe:

All processes killed
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 local.subssearch.com> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O20 - AppInit_DLLs: (njfjxf.dll) - File not found> in the current context!
Error: Unable to interpret <O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) - File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe> in the current context!
Error: Unable to interpret <[2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job> in the current context!
Error: Unable to interpret <[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini> in the current context!
Error: Unable to interpret <[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini> in the current context!
Error: Unable to interpret <[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini> in the current context!
Error: Unable to interpret <[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini> in the current context!
Error: Unable to interpret <[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini> in the current context!
Error: Unable to interpret <[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini> in the current context!
Error: Unable to interpret <[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2> in the current context!
Error: Unable to interpret <[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini> in the current context!
========== REGISTRY ==========
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\SetupWizard.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\NavBrowser.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programmi\TorrentsDownloadBin\SubsSearch.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SetupWizard.exe scheduled to be deleted on reboot.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
->Temporary Internet Files folder emptied: 402 bytes
 
User: Giorgia
 
User: LocalService
 
User: NetworkService
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
Unable to locate HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce key.
%systemroot%\System32 .tmp files removed: 60 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 0,00 mb
 
 
OTL by OldTimer - Version 3.1.37.3 log created on 03312010_175544

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


And here the logfile I did after reboot (Run Scan):

OTL logfile created on: 31/03/2010 18.06.20 - Run 3
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 153,00 Mb Available Physical Memory | 60,00% Memory free
618,00 Mb Paging File | 355,00 Mb Available in Paging File | 57,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,49 Gb Free Space | 71,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/11 05.17.45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Java\jre6\bin\jucheck.exe
PRC - [2009/03/12 20.09.20 | 000,545,792 | R--- | M] (Lingea s.r.o.) -- C:\Programmi\Lingea\Collins COBUILD\lexicon.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www2.iesearch.com/
 
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2009/06/03 19.57.08 | 000,000,804 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1     local.subssearch.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (njfjxf.dll) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/03/31 17.52.20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/03/31 18.00.17 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/03/31 18.00.01 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
[2010/03/31 17.59.20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 17.58.06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/31 17.58.02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 17.57.59 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/31 17.56.39 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/03/31 17.56.39 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/03/31 17.56.09 | 005,324,756 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/31 17.41.44 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/31 12.38.07 | 058,313,297 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2010/03/02 19.23.03 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >

That's all.

Now I download Malwarebytes' Anti-Malware .

Thanks.
Bye
Logged

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #8 on: March 31, 2010, 12:08:34 PM »
Here my mbam logfile:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3937

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

31/03/2010 18.40.11
mbam-log-2010-03-31 (18-40-11).txt

Scan type: Quick scan
Objects scanned: 98909
Time elapsed: 11 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{fe5b2d9d-91b0-b04b-ac20-14a260769687} (Adware.ColorSoft) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-zix (Trojan.Swizzor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\cs41275 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.SearchPage) -> Bad: (http://www2.iesearch.com/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thanks
Bye
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #9 on: March 31, 2010, 01:44:49 PM »
It's important that you copy/paste everything in that script I had in my previous post

Let's do this part again, make sure to copy/paste Everything in BLUE below

Run OTL.exe again
Under the Custom Scans/Fixes box at the bottom, copy/paste the following
Be sure to start with :OTL, Don't forget the : and and finish with [Reboot]

[color=\"#0000FF\"]:OTL
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found
O1 - Hosts: 127.0.0.1 local.subssearch.com
O2 - BHO: (no name) - {F52F46FA-0980-485A-A724-332A0946C80D} - C:\WINDOWS\System32\pmnoPhed.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O20 - AppInit_DLLs: (njfjxf.dll) - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnoPhed) - File not found
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell - "" = AutoRun
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
O33 - MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command - "" = .\RECYCLER\RECYCLER\autorun.exe
[2010/03/29 09.16.34 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\vtfkyhka.job
[2009/01/22 17.50.02 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\vgugpoty.ini
[2009/01/21 20.23.00 | 001,474,003 | -HS- | C] () -- C:\WINDOWS\System32\irgxqnts.ini
[2009/01/20 20.21.46 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\vanujrwg.ini
[2009/01/19 19.24.29 | 001,472,741 | -HS- | C] () -- C:\WINDOWS\System32\lvgdyqsv.ini
[2009/01/19 19.21.28 | 001,443,651 | -HS- | C] () -- C:\WINDOWS\System32\rkelugjp.ini
[2009/01/17 17.41.29 | 001,442,941 | -HS- | C] () -- C:\WINDOWS\System32\thvioosn.ini
[2009/01/17 17.40.15 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini2
[2009/01/17 17.40.14 | 000,415,538 | -HS- | C] () -- C:\WINDOWS\System32\dehPonmp.ini
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\SetupWizard.exe"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe"=-
"C:\Programmi\TorrentsDownloadBin\SubsSearch.exe"=-
"D:\SetupWizard.exe"=-
:Files
:Commands
[EmptyTemp]
[Reboot][/color]

#  Then click the [color=\"#FF0000\"]Run Fix[/color] button at the top
# Let the program run unhindered, reboot the PC when it is done

Post the new log that opens
A copy of this log can also be found in
C:\_OTL\Moved Files folder
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #10 on: March 31, 2010, 02:17:22 PM »
I did exactly what you told me, but as I clicked on Run Fix appeared this message:

"Cannot create file C:\WINDOWS\system32\drivers\etc\Hosts" and "Ok". I clicked on "Ok" and I noticed that the first 2lines of your instruction were deleted.

I'm talking about:

:OTL
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - Reg Error: Key error. File not found

I clicked again on Run Fix and the scan started, but it was very fast. And the only lines that remained written on the Custom Scans/Fixes were:

[EmptyTemp]
[Reboot]

I tried to repeat all the passages, I tried to replace also the missing lines, but it happens all the time.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #11 on: March 31, 2010, 02:43:58 PM »
well, that's strange, let's try the following please

download [color=\"blue\"]OTS.exe[/color][/url] to your Desktop.

  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS.exe to start the program.
  • Under Additional Scans click "Extras".
  • Do not change any other settings.
  • Now click the Run Scan button on the left side of the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete, Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here[/list]

If you have trouble posting back the info in a reply box, please Upload the file
Using the "Browse..../ Upload" buttons on the bottom right side of a reply box
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #12 on: April 01, 2010, 03:34:26 AM »
Here OTS logfile:

Code: [Select]
OTS logfile created on: 01/04/2010 10.24.59 - Run 1
OTS by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 154,00 Mb Available Physical Memory | 60,00% Memory free
618,00 Mb Paging File | 343,00 Mb Available in Paging File | 55,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,50 Gb Free Space | 71,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
avgchsvx.exe -> C:\Programmi\AVG\AVG9\avgchsvx.exe -> [2010/03/26 10.37.58 | 001,086,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Programmi\AVG\AVG9\avgnsx.exe -> [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgrsx.exe -> C:\Programmi\AVG\AVG9\avgrsx.exe -> [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgcsrvx.exe -> C:\Programmi\AVG\AVG9\avgcsrvx.exe -> [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgtray.exe -> C:\Programmi\AVG\AVG9\avgtray.exe -> [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Programmi\AVG\AVG9\avgwdsvc.exe -> [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
jucheck.exe -> C:\Programmi\Java\jre6\bin\jucheck.exe -> [2009/10/11 05.17.45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.)
applemobiledeviceservice.exe -> C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation)
mpbtn.exe -> C:\Programmi\Alice ti aiuta\bin\mpbtn.exe -> [2004/03/16 14.49.16 | 000,184,320 | ---- | M] ()
e_s10ic2.exe -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
 
[Win32 Services - Safe List]
(avg9wd) AVG WatchDog [Auto | Running] -> C:\Programmi\AVG\AVG9\avgwdsvc.exe -> [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.)
(Adobe LM Service) Adobe LM Service [On_Demand | Stopped] -> C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2009/01/09 14.37.51 | 000,068,096 | ---- | M] ()
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation)
(EPSONStatusAgent2) EPSON Printer Status Agent2 [Disabled | Stopped] -> C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -> [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION)
 
[Driver Services - Safe List]
(AvgTdiX) AVG Network Redirector [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgtdix.sys -> [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avgldx86.sys -> [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgMfx86) AVG On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\avgmfx86.sys -> [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.)
(nm) Driver di Network Monitor [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nmnt.sys -> [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation)
(gameenum) Enumeratore porta giochi [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation)
(sisagp) Filtro bus SIS AGP [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(CnxTrUsb) Access Gateway USB Interface Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CnxTrUsb.sys -> [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant)
(CnxTrLan) Access Gateway USB Network Adapter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\CnxTrLan.sys -> [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(ms_mpu401) Driver Microsoft MPU-401 MIDI UART [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\msmpu401.sys -> [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation)
(EL90XBC) 3Com Fast EtherLink ISA Adapter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\el90xbc5.sys -> [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Local Page" -> http://www.Google.com/ ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: URLSearchHooks\\"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> 127.0.0.1;*.local ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions ->  ->
< FireFox Extensions [User Folders] > ->
< HOSTS File > ([2009/06/03 19.57.08 | 000,000,804 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1   localhost
127.0.0.1 local.subssearch.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2008/06/11 23.33.16 | 000,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Programmi\AVG\AVG9\avgssie.dll [AVG Safe Search] -> [2010/03/26 10.38.31 | 001,598,744 | ---- | M] (AVG Technologies CZ, s.r.o.)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2006/10/27 01.48.42 | 002,210,608 | ---- | M] (Microsoft Corporation)
{F52F46FA-0980-485A-A724-332A0946C80D} [HKLM] -> C:\WINDOWS\System32\pmnoPhed.dll [Reg Error: Value error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AVG9_TRAY" -> C:\Programmi\AVG\AVG9\avgtray.exe [C:\PROGRA~1\AVG\AVG9\avgtray.exe] -> [2010/03/26 10.36.34 | 002,059,544 | ---- | M] (AVG Technologies CZ, s.r.o.)
"Cmaudio" ->  [RunDll32 cmicnfg.cpl,CMICtrlWnd] -> File not found
"EPSON Stylus C62 Series" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"] -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
"SSC Service Utility" -> C:\Programmi\SSC Service Utility\ssc_serv.exe [C:\Programmi\SSC Service Utility\ssc_serv.exe /s] -> File not found
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"EPSON Stylus C62 Series" -> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S6C.tmp"] -> [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica ->
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk -> C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe -> [1999/11/04 16.06.48 | 000,113,664 | ---- | M] (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk -> C:\Programmi\Alice ti aiuta\bin\matcli.exe -> [2004/03/16 14.49.16 | 000,212,992 | ---- | M] (Motive Communications, Inc.)
< Giorgia Startup Folder > -> C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica ->
C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE -> [2006/10/26 21.24.54 | 000,098,632 | ---- | M] (Microsoft Corporation)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&sporta in Microsoft Excel -> C:\Programmi\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000] -> [2006/10/27 16.07.36 | 017,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll [Button: Invia a OneNote] -> [2006/10/26 21.32.42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll [Menu: I&nvia a OneNote] -> [2006/10/26 21.32.42 | 000,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21.12.22 | 000,040,424 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231415365683 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab [Reg Error: Key error.] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} [HKLM] -> http://www.miniclip.com/igloader/igloader.CAB [igLoader Content on Demand] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] ->
{ECD97A8A-7B1A-428D-B696-3ED29826CE55} [HKLM] -> http://www.pointworld.kr/ocx/PointWorldXZ.ocx [PointWorld] ->
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.1.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{9CB27BDA-F4B2-4F49-9707-E77E96260F05}\\DhcpNameServer -> 192.168.1.1   (3Com EtherLink XL 10/100 PCI For Complete PC Management NIC (3C905C-TX)) ->
{F5A526A8-9B1D-4012-9748-A326F8613DEA}\\DhcpNameServer -> 151.99.125.2 151.99.125.3   () ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
njfjxf.dll ->  -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2006/10/27 01.48.42 | 002,210,608 | ---- | M] (Microsoft Corporation)
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages ->
C:\WINDOWS\system32\pmnoPhed ->  -> File not found
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard] -> File not found
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Programmi\AVG\AVG9\avgnsx.exe" -> C:\Programmi\AVG\AVG9\avgnsx.exe [C:\Programmi\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Programmi\AVG\AVG9\avgupd.exe" -> C:\Programmi\AVG\AVG9\avgupd.exe [C:\Programmi\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe] -> [2010/03/26 10.35.54 | 001,035,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Programmi\eMule\emule.exe" -> C:\Programmi\eMule\emule.exe [C:\Programmi\eMule\emule.exe:*:Enabled:eMule] -> [2008/08/01 19.41.24 | 005,480,448 | ---- | M] (http://www.emule-project.net)
"C:\Programmi\iTunes\iTunes.exe" -> C:\Programmi\iTunes\iTunes.exe [C:\Programmi\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2009/03/12 20.56.54 | 013,498,664 | ---- | M] (Apple Inc.)
"C:\Programmi\Microsoft Office\Office12\GROOVE.EXE" -> C:\Programmi\Microsoft Office\Office12\GROOVE.EXE [C:\Programmi\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2006/10/27 16.37.44 | 000,338,216 | ---- | M] (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE [C:\Programmi\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2006/10/27 16.03.04 | 001,018,664 | ---- | M] (Microsoft Corporation)
"C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE [C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2006/10/27 16.16.48 | 012,813,096 | ---- | M] (Microsoft Corporation)
"C:\Programmi\TorrentsDownloadBin\SubsSearch.exe" -> C:\Programmi\TorrentsDownloadBin\SubsSearch.exe [C:\Programmi\TorrentsDownloadBin\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe] -> File not found
"C:\Programmi\uTorrent\uTorrent.exe" -> C:\Programmi\uTorrent\uTorrent.exe [C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent] -> [2009/06/04 13.35.10 | 000,274,224 | ---- | M] (BitTorrent, Inc.)
"C:\WINDOWS\Temp\NavBrowser.exe" -> C:\WINDOWS\Temp\NavBrowser.exe [C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser] -> File not found
"D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> Driver del CD-ROM ->
"ImagePath" ->  [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2009/01/08 01.38.37 | 000,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{1b69c2c0-3770-11df-ae34-000476d12534}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\\"" ->  [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command\\"" ->  [.\RECYCLER\RECYCLER\autorun.exe] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command
\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command\\"" ->  [.\RECYCLER\RECYCLER\autorun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
 
[Registry - Additional Scans - Safe List]
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>\ ->
.html [@ = htmlfile] -> Reg Error: Key error. -> File not found
< Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter] -> [2006/10/26 22.41.48 | 000,044,344 | ---- | M] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} [HKLM] -> C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll[Local Groove Web Services Protocol] -> [2006/10/27 01.48.02 | 000,222,512 | ---- | M] (Microsoft Corporation)
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} [HKLM] -> C:\Programmi\AVG\AVG9\avgpp.dll[XPLPPFilter Class] -> [2010/03/26 10.38.46 | 000,091,416 | ---- | M] (AVG Technologies CZ, s.r.o.)
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2006/10/26 19.49.48 | 001,011,488 | ---- | M] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] -> C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll[HxProtocol Class] -> [2006/10/26 14.45.02 | 000,873,216 | ---- | M] (Microsoft Corporation)
< Security Center Settings > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" ->  [1] -> File not found
\\"AntiVirusDisableNotify" ->  [0] -> File not found
\\"FirewallDisableNotify" ->  [0] -> File not found
\\"AntiVirusOverride" ->  [0] -> File not found
\\"FirewallOverride" ->  [0] -> File not found
\\"UpdatesDisableNotify" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" ->  [1] -> File not found
\\"DoNotAllowExceptions" ->  [0] -> File not found
\\"DisableNotifications" ->  [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\ -> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\ -> ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A} -> HiJackThis
{162B71B8-8464-4680-A086-601D555B331D} -> Apple Mobile Device Support
{216AB108-2AE1-4130-B3D5-20B2C4C80F8F} -> QuickTime
{26A24AE4-039D-4CA4-87B4-2F83216013FF} -> Java(TM) 6 Update 17
{350C9410-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} -> Microsoft Visual C++ 2005 Redistributable
{90120000-0010-0410-0000-0000000FF1CE} -> Microsoft Software Update for Web Folders  (Italian) 12
{90120000-0015-0410-0000-0000000FF1CE} -> Microsoft Office Access MUI (Italian) 2007
{90120000-0016-0410-0000-0000000FF1CE} -> Microsoft Office Excel MUI (Italian) 2007
{90120000-0018-0410-0000-0000000FF1CE} -> Microsoft Office PowerPoint MUI (Italian) 2007
{90120000-0019-0410-0000-0000000FF1CE} -> Microsoft Office Publisher MUI (Italian) 2007
{90120000-001A-0410-0000-0000000FF1CE} -> Microsoft Office Outlook MUI (Italian) 2007
{90120000-001B-0410-0000-0000000FF1CE} -> Microsoft Office Word MUI (Italian) 2007
{90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof (German) 2007
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof (English) 2007
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof (French) 2007
{90120000-001F-0410-0000-0000000FF1CE} -> Microsoft Office Proof (Italian) 2007
{90120000-002C-0410-0000-0000000FF1CE} -> Microsoft Office Proofing (Italian) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0044-0410-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI (Italian) 2007
{90120000-006E-0410-0000-0000000FF1CE} -> Microsoft Office Shared MUI (Italian) 2007
{90120000-00A1-0410-0000-0000000FF1CE} -> Microsoft Office OneNote MUI (Italian) 2007
{90120000-00BA-0410-0000-0000000FF1CE} -> Microsoft Office Groove MUI (Italian) 2007
{AC76BA86-7AD7-1040-7B44-A90000000001} -> Adobe Reader 9 - Italiano
{B2EFE303-A594-11D5-95EB-005004BC1C65} -> EPSON PhotoQuicker3.2
{C26B06A9-27BB-45B0-9873-9C623EC2BA38} -> iTunes
{DDC5AF8D-A320-4A8C-805D-9063C6352127} -> Installazione Guidata Alice ADSL
{EFB21DE7-8C19-4A88-BB28-A766E16493BC} -> Adobe Photoshop CS
Access Gateway USB -> Access Gateway USB
Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
Adobe Shockwave Player -> Adobe Shockwave Player 11.5
AliceRE.MCCInstall -> Alice ti aiuta
AVG9Uninstall -> AVG Free 9.0
C-Media Audio Driver -> C-Media WDM Audio Driver
Collins COBUILD 3.0 -> Collins COBUILD on CD-ROM
eMule -> eMule
ENTERPRISE -> Microsoft Office Enterprise 2007
EPSON Printer and Utilities -> Software per stampante EPSON
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation APIs
ie7 -> Windows Internet Explorer 7
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
MSCompPackV1 -> Microsoft Compression Client Pack 1.0 for Windows XP
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
Windows Media Format Runtime -> Windows Media Format 11 runtime
Windows Media Player -> Windows Media Player 11
Windows XP Service Pack -> Windows XP Service Pack 3
WinRAR archiver -> WinRAR gestione archivi
WinZip -> WinZip
WMFDist11 -> Windows Media Format 11 runtime
wmp11 -> Windows Media Player 11
Wudf01000 -> Microsoft User-Mode Driver Framework Feature Pack 1.0
< Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
uTorrent -> µTorrent
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 04/10/2009 10.15.12 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.13 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.15 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 04/10/2009 10.15.15 Computer Name = PC-GIORGIA | Source = Application Hang | ID = 1002 -> Description = Applicazione in stallo iexplore.exe, versione 7.0.6000.16762, modulo in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.
Application [ Error ] 07/10/2009 13.18.36 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore msvcr80.dll, versione 8.0.50727.762, indirizzo errore 0x00008a8c.
Application [ Error ] 22/10/2009 3.39.33 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 | ID = 5000 -> Description = EventType officelifeboathang, P1 outlook.exe, P2 12.0.4518.1014, P3 outlook.exe, P4 12.0.4518.1014, P5 NIL, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10 NIL.
Application [ Error ] 28/10/2009 12.34.27 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore avgssie.dll, versione 8.5.0.405, indirizzo errore 0x00005d27.
Application [ Error ] 01/11/2009 9.05.14 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x000d0dcc.
Application [ Error ] 01/11/2009 9.06.25 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x000d0dcc.
Application [ Error ] 04/11/2009 4.52.00 Computer Name = PC-GIORGIA | Source = Application Error | ID = 1000 -> Description = Applicazione che ha provocato l'errore iexplore.exe, versione 7.0.6000.16762, modulo che ha provocato l'errore flash10c.ocx, versione 10.0.32.18, indirizzo errore 0x00240b3d.
OSession [ Error ] 23/02/2009 14.48.19 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 117 seconds with 60 seconds of active time.  This session ended with a crash.
OSession [ Error ] 22/03/2009 7.59.01 Computer Name = PC-GIORGIA | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 122 seconds with 0 seconds of active time.  This session ended with a crash.
System [ Error ] 19/03/2010 9.53.26 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7011 -> Description = Timout (30000 millisecondi) durante l'attesa della risposta alla transazione dal servizio avg8wd.
System [ Error ] 19/03/2010 14.33.48 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 22/03/2010 6.50.37 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 26/03/2010 7.05.26 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 28/03/2010 9.26.52 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1053" durante il tentativo di avviare il servizio iPod Service con gli argomenti ""  per eseguire il server   {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
System [ Error ] 28/03/2010 9.27.37 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7009 -> Description = Timeout (30000 millisecondi) durante l'attesa della connessione del servizio Servizio iPod.
System [ Error ] 28/03/2010 9.27.37 Computer Name = PC-GIORGIA | Source = Service Control Manager | ID = 7000 -> Description = Il servizio Servizio iPod non è stato avviato per il seguente errore:   %%1053
System [ Error ] 28/03/2010 11.19.23 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10005 -> Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare il servizio wuauserv con gli argomenti ""  per eseguire il server   {E60687F7-01A1-40AA-86AC-DB1CBF673334}
System [ Error ] 28/03/2010 11.27.13 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010 -> Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato con DCOM entro il tempo d'attesa richiesto.
System [ Error ] 28/03/2010 11.27.44 Computer Name = PC-GIORGIA | Source = DCOM | ID = 10010 -> Description = Il server {E60687F7-01A1-40AA-86AC-DB1CBF673334} non si è registrato con DCOM entro il tempo d'attesa richiesto.
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | C] (OldTimer Tools)
 Malwarebytes -> C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes -> [2010/03/31 18.25.50 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/31 18.25.32 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes -> C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes -> [2010/03/31 18.25.28 | 000,000,000 | ---D | C]
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/31 18.25.26 | 000,020,824 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\Programmi\Malwarebytes' Anti-Malware -> [2010/03/31 18.25.25 | 000,000,000 | ---D | C]
 mbam-setup.exe -> C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe -> [2010/03/31 18.24.06 | 005,918,720 | ---- | C] (Malwarebytes Corporation )
 _OTL -> C:\_OTL -> [2010/03/31 17.52.20 | 000,000,000 | ---D | C]
 OTL.exe -> C:\Documents and Settings\Giorgia\Desktop\OTL.exe -> [2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools)
 TrendMicro -> C:\Programmi\TrendMicro -> [2010/03/28 18.02.50 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | --SD | M]
 Microsoft -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft -> [2010/03/28 16.04.35 | 000,000,000 | ---D | M]
 AVG9 -> C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9 -> [2010/03/28 15.25.10 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy -> [2010/03/26 12.44.10 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2010/03/26 10.42.39 | 000,000,000 | -H-D | C]
 avg9 -> C:\Documents and Settings\All Users\Dati applicazioni\avg9 -> [2010/03/26 10.27.57 | 000,000,000 | ---D | C]
 SxsCaPendDel -> C:\WINDOWS\SxsCaPendDel -> [2010/03/26 10.26.56 | 000,000,000 | ---D | C]
 Microsoft -> C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft -> [2010/03/26 10.23.44 | 000,000,000 | ---D | M]
 Non-Dedicated magazines -> C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines -> [2010/03/25 12.13.03 | 000,000,000 | ---D | C]
 Intermediate magazines -> C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines -> [2010/03/25 12.12.52 | 000,000,000 | ---D | C]
 Dedicated magazines -> C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines -> [2010/03/25 12.12.23 | 000,000,000 | ---D | C]
 Maximize Games -> C:\Documents and Settings\Giorgia\Maximize Games -> [2010/03/22 12.39.26 | 000,000,000 | ---D | C]
 antconc3.2.1w.exe -> C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe -> [2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony)
 myBabylon_English -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English -> [2009/06/05 17.40.54 | 000,000,000 | ---D | M]
 Apple -> C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple -> [2009/01/23 18.40.11 | 000,000,000 | ---D | M]
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files/Folders - Modified Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Giorgia\Desktop\OTS.exe -> [2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools)
 vtfkyhka.job -> C:\WINDOWS\tasks\vtfkyhka.job -> [2010/04/01 10.00.02 | 000,000,320 | ---- | M] ()
 incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/04/01 09.33.52 | 058,333,217 | ---- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/04/01 09.29.46 | 000,002,206 | ---- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/04/01 09.28.28 | 000,000,006 | -H-- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/04/01 09.28.24 | 000,002,048 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/01 09.28.21 | 267,964,416 | -HS- | M] ()
 ntuser.dat -> C:\Documents and Settings\Giorgia\ntuser.dat -> [2010/03/31 21.59.36 | 004,456,448 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Giorgia\ntuser.ini -> [2010/03/31 21.59.36 | 000,000,194 | -HS- | M] ()
 User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job -> [2010/03/31 19.32.30 | 000,000,418 | -H-- | M] ()
 GDIPFONTCACHEV1.DAT -> C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT -> [2010/03/31 18.49.56 | 000,069,616 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/31 18.25.38 | 000,000,676 | ---- | M] ()
 mbam-setup.exe -> C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe -> [2010/03/31 18.24.06 | 005,918,720 | ---- | M] (Malwarebytes Corporation )
 IconCache.db -> C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db -> [2010/03/31 17.56.09 | 005,324,756 | -H-- | M] ()
 OTL.exe -> C:\Documents and Settings\Giorgia\Desktop\OTL.exe -> [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools)
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/03/31 17.41.44 | 000,266,208 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/03/29 15.24.58 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/03/29 15.24.46 | 000,020,824 | ---- | M] (Malwarebytes Corporation)
 HiJackThis.lnk -> C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk -> [2010/03/28 18.24.27 | 000,002,423 | ---- | M] ()
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/03/28 16.08.52 | 000,001,479 | ---- | M] ()
 perfh010.dat -> C:\WINDOWS\System32\perfh010.dat -> [2010/03/28 15.29.03 | 000,347,866 | ---- | M] ()
 PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI -> [2010/03/28 15.29.02 | 000,759,504 | ---- | M] ()
 perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010/03/28 15.29.02 | 000,314,508 | ---- | M] ()
 perfc010.dat -> C:\WINDOWS\System32\perfc010.dat -> [2010/03/28 15.29.02 | 000,048,568 | ---- | M] ()
 perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010/03/28 15.29.02 | 000,040,836 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2010/03/26 18.40.44 | 000,000,276 | ---- | M] ()
 avgtdix.sys -> C:\WINDOWS\System32\drivers\avgtdix.sys -> [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgldx86.sys -> C:\WINDOWS\System32\drivers\avgldx86.sys -> [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgmfx86.sys -> C:\WINDOWS\System32\drivers\avgmfx86.sys -> [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.)
 avgrsstx.dll -> C:\WINDOWS\System32\avgrsstx.dll -> [2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.)
 iavichjw.avm -> C:\WINDOWS\System32\drivers\Avg\iavichjw.avm -> [2010/03/26 10.40.38 | 000,113,461 | ---- | M] ()
 d3d9caps.dat -> C:\WINDOWS\System32\d3d9caps.dat -> [2010/03/25 12.09.16 | 000,001,744 | ---- | M] ()
 antconc3.2.1w.exe -> C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe -> [2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony)
 217 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
 
[Files - No Company Name]
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/03/31 18.25.38 | 000,000,676 | ---- | C] ()
 HiJackThis.lnk -> C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk -> [2010/03/28 18.02.51 | 000,002,423 | ---- | C] ()
 AVG Free 9.0.lnk -> C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk -> [2010/03/28 16.08.52 | 000,001,479 | ---- | C] ()
 FCIC.INI -> C:\WINDOWS\FCIC.INI -> [2009/03/10 18.23.57 | 000,002,528 | ---- | C] ()
 vgugpoty.ini -> C:\WINDOWS\System32\vgugpoty.ini -> [2009/01/22 17.50.02 | 001,474,003 | -HS- | C] ()
 irgxqnts.ini -> C:\WINDOWS\System32\irgxqnts.ini -> [2009/01/21 20.23.00 | 001,474,003 | -HS- | C] ()
 vanujrwg.ini -> C:\WINDOWS\System32\vanujrwg.ini -> [2009/01/20 20.21.46 | 001,472,741 | -HS- | C] ()
 lvgdyqsv.ini -> C:\WINDOWS\System32\lvgdyqsv.ini -> [2009/01/19 19.24.29 | 001,472,741 | -HS- | C] ()
 rkelugjp.ini -> C:\WINDOWS\System32\rkelugjp.ini -> [2009/01/19 19.21.28 | 001,443,651 | -HS- | C] ()
 thvioosn.ini -> C:\WINDOWS\System32\thvioosn.ini -> [2009/01/17 17.41.29 | 001,442,941 | -HS- | C] ()
 dehPonmp.ini2 -> C:\WINDOWS\System32\dehPonmp.ini2 -> [2009/01/17 17.40.15 | 000,415,538 | -HS- | C] ()
 dehPonmp.ini -> C:\WINDOWS\System32\dehPonmp.ini -> [2009/01/17 17.40.14 | 000,415,538 | -HS- | C] ()
 pdfcmnnt.dll -> C:\WINDOWS\System32\pdfcmnnt.dll -> [2009/01/09 02.45.34 | 000,116,224 | ---- | C] ()
 cmirmdrv.dll -> C:\WINDOWS\System32\cmirmdrv.dll -> [2003/02/19 02.26.28 | 000,028,672 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
< End of report >

Hope it helps.
Bye
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #13 on: April 01, 2010, 08:57:06 AM »
Double-click on OTS.exe to start the program
Copy/Paste the information in the codebox below into the pane where it says "Paste Fix Here" and then click the green Run Fix button.
Code: [Select]
[Kill Explorer]
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: URLSearchHooks\\"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< HOSTS File > ([2009/06/03 19.57.08 | 000,000,804 | ---- | M] - 21 lines) -> C:\WINDOWS\system32\drivers\etc\hosts
YN -> 127.0.0.1  local.subssearch.com ->
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {F52F46FA-0980-485A-A724-332A0946C80D} [HKLM] -> C:\WINDOWS\System32\pmnoPhed.dll [Reg Error: Value error.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls
YN -> njfjxf.dll ->
< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
*LSA Authentication Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
YN -> C:\WINDOWS\system32\pmnoPhed ->
< LSA Authentication Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
YN -> "D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YN -> "C:\Programmi\TorrentsDownloadBin\SubsSearch.exe" -> C:\Programmi\TorrentsDownloadBin\SubsSearch.exe [C:\Programmi\TorrentsDownloadBin\SubsSearch.exe:*:Enabled:UniFS Media - SubsSearch.exe]
YN -> "C:\WINDOWS\Temp\NavBrowser.exe" -> C:\WINDOWS\Temp\NavBrowser.exe [C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser]
YN -> "D:\SetupWizard.exe" -> D:\SetupWizard.exe [D:\SetupWizard.exe:*:Enabled:SetupWizard]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \{1b69c2c0-3770-11df-ae34-000476d12534} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell ->
YN -> \{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command ->
YN -> \{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command\\"" -> [.\RECYCLER\RECYCLER\autorun.exe]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command ->
YN -> \{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command\\"" -> [.\RECYCLER\RECYCLER\autorun.exe]
[Files/Folders - Modified Within 30 Days]
NY -> vtfkyhka.job -> C:\WINDOWS\tasks\vtfkyhka.job
[Files - No Company Name]
NY -> vgugpoty.ini -> C:\WINDOWS\System32\vgugpoty.ini
NY -> irgxqnts.ini -> C:\WINDOWS\System32\irgxqnts.ini
NY -> vanujrwg.ini -> C:\WINDOWS\System32\vanujrwg.ini
NY -> lvgdyqsv.ini -> C:\WINDOWS\System32\lvgdyqsv.ini
NY -> rkelugjp.ini -> C:\WINDOWS\System32\rkelugjp.ini
NY -> thvioosn.ini -> C:\WINDOWS\System32\thvioosn.ini
NY -> dehPonmp.ini2 -> C:\WINDOWS\System32\dehPonmp.ini2
NY -> dehPonmp.ini -> C:\WINDOWS\System32\dehPonmp.ini
[Empty Temp Folders]
[Start Explorer]
[Reboot]The fix should only take a very short time. When the fix is completed either a message box will popup telling you that it is finished or you will be asked to reboot to finish the fix. If it is finished, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here.
If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS.exe will finish moving any files that could not be moved during the fix and Notepad will open with the final results at that time. Post that information back here.
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #14 on: April 01, 2010, 10:49:20 AM »
OTS only asked me to reboot. I clicked Yes. After reboot the following logfile opened.

Here the logfile:

All Processes Killed
No active process named Explorer.EXE was found!
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\ not found.
127.0.0.1 local.subssearch.com removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F52F46FA-0980-485A-A724-332A0946C80D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F52F46FA-0980-485A-A724-332A0946C80D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:njfjxf.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmnoPhed deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List\\D:\SetupWizard.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Programmi\TorrentsDownloadBin\SubsSearch.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Temp\NavBrowser.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\D:\SetupWizard.exe deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b69c2c0-3770-11df-ae34-000476d12534}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\1\Command not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b69c2c0-3770-11df-ae34-000476d12534}\Shell\2\Command not found.
[Files/Folders - Modified Within 30 Days]
C:\WINDOWS\tasks\vtfkyhka.job moved successfully.
[Files - No Company Name]
C:\WINDOWS\System32\vgugpoty.ini moved successfully.
C:\WINDOWS\System32\irgxqnts.ini moved successfully.
C:\WINDOWS\System32\vanujrwg.ini moved successfully.
C:\WINDOWS\System32\lvgdyqsv.ini moved successfully.
C:\WINDOWS\System32\rkelugjp.ini moved successfully.
C:\WINDOWS\System32\thvioosn.ini moved successfully.
C:\WINDOWS\System32\dehPonmp.ini2 moved successfully.
C:\WINDOWS\System32\dehPonmp.ini moved successfully.
[Empty Temp Folders]
 
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: Giorgia
->Temp folder emptied: 111169935 bytes
->Temporary Internet Files folder emptied: 206094161 bytes
->Java cache emptied: 69509617 bytes
->Google Chrome cache emptied: 6398159 bytes
->Flash cache emptied: 437814 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4134372 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1955761 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 60 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64655 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 381,00 mb
 
< End of fix log >
OTS by OldTimer - Version 3.1.27.1 fix logfile created on 04012010_173545

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Giorgia\Impostazioni locali\Temp\~DF2A3.tmp not found!
File\Folder C:\Documents and Settings\Giorgia\Impostazioni locali\Temp\~DF329.tmp not found!
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\ZLA3KWUT\iframe[1].htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\PBF9UZXY\index[4].htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\Content.IE5\FPOVFGNR\IYVDB6CAMZCOD8CASVVY4BCA3Q3813CA8VN2YICAVQ9ZU5CAULMYMVCAQUDN8QCA6XQD9FCAQFG
ZYUCAQQRH77CAYG8Q6TCA1243VJCA8ETO6PCADRDRA7CA6U6UADCAGVYF38CA1W20LQCAARJE2F.htm moved successfully.
C:\Documents and Settings\Giorgia\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.

Registry entries deleted on Reboot...


Bye
« Last Edit: April 01, 2010, 10:53:13 AM by joy »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #15 on: April 02, 2010, 12:23:49 PM »
Reopen MalwareByte's Anti-Malware
open the UPDATE tab, check for Updates, install the new updated version
Reopen MBAM, again check for updates to ensure the database is totally up to date
Then run another Quick Scan and post back the latest log that opens when done

Can you reopen OTL.exe and click on Run Scan
When the scan is done post the log that opens, in addition keep me informed how things are now running
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #16 on: April 03, 2010, 06:28:16 AM »
Hi...
Unfortunately I still have problems with my connection to internet.
Sometimes it falls and put me directly in off line, so I have to keep open Outlook.
When the connection falls, it opens the pop-up for connecting to internet, as I click on 'connect' it displays an error message: error 678,
[Error 678. The remote computer is not responding (in general lack of dialogue between the PC and ADSL modem or no signal)].
However, if I open Outlook then the connection is restablished.


Here MBAM logfile:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3948

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

03/04/2010 13.04.34
mbam-log-2010-04-03 (13-04-34).txt

Scan type: Quick scan
Objects scanned: 98949
Time elapsed: 10 minute(s), 52 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Here OTL logfile:

OTL logfile created on: 03/04/2010 13.17.27 - Run 4
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Documents and Settings\Giorgia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
255,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 46,00% Memory free
618,00 Mb Paging File | 272,00 Mb Available in Paging File | 44,00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 38,28 Gb Total Space | 27,88 Gb Free Space | 72,84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: PC-GIORGIA
Current User Name: Giorgia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=\"#E56717\"]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/04/02 10.13.11 | 002,064,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgtray.exe
PRC - [2010/04/02 10.12.51 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
PRC - [2010/03/26 10.37.56 | 000,617,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgnsx.exe
PRC - [2010/03/26 10.37.51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgrsx.exe
PRC - [2010/03/26 10.37.44 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG9\avgwdsvc.exe
PRC - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/14 04.14.07 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/13 19.36.40 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msfeedssync.exe
PRC - [2006/10/27 16.16.48 | 012,813,096 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2004/03/16 14.49.16 | 000,184,320 | ---- | M] () -- C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
PRC - [2002/07/01 05.05.00 | 000,074,752 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
 
 
[color=\"#E56717\"]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
 
 
[color=\"#E56717\"]========== Win32 Services (SafeList) ==========[/color]
 
SRV - [2010/03/26 10.35.04 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/03/06 00.04.30 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/09 14.37.51 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 20.49.34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002/07/17 02.03.00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
[color=\"#E56717\"]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/04/13 20.53.09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 20.45.29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 20.36.39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/10/05 18.41.52 | 000,052,864 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrUsb.sys -- (CnxTrUsb)
DRV - [2004/10/05 18.41.52 | 000,025,984 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CnxTrLan.sys -- (CnxTrLan)
DRV - [2004/08/04 00.29.56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/18 00.00.04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 22.11.06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
[color=\"#E56717\"]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=\"#E56717\"]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.Google.com/
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
 
 
 
O1 HOSTS File: ([2010/04/01 17.35.56 | 000,001,542 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programmi\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Cmaudio]  File not found
O4 - HKLM..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [SSC Service Utility] C:\Programmi\SSC Service Utility\ssc_serv.exe File not found
O4 - HKCU..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Giorgia\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programmi\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1231415365683 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D1548A26-B8F6-4E86-AE74-E7062CCC2E2A} http://www.miniclip.com/igloader/igloader.CAB (igLoader Content on Demand)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {ECD97A8A-7B1A-428D-B696-3ED29826CE55} http://www.pointworld.kr/ocx/PointWorldXZ.ocx (PointWorld)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 01.38.37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=\"#E56717\"]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/04/01 17.35.45 | 000,000,000 | ---D | C] -- C:\_OTS
[2010/04/01 10.23.32 | 000,637,440 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTS.exe
[2010/03/31 18.25.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\Malwarebytes
[2010/03/31 18.25.32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 18.25.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2010/03/31 18.25.26 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 18.25.25 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2010/03/31 18.24.06 | 005,918,720 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe
[2010/03/31 17.52.20 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/31 17.51.05 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/28 18.02.50 | 000,000,000 | ---D | C] -- C:\Programmi\TrendMicro
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Dati applicazioni\Microsoft
[2010/03/28 16.04.35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/28 15.25.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Dati applicazioni\AVG9
[2010/03/26 12.44.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
[2010/03/26 10.42.39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/03/26 10.27.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\avg9
[2010/03/26 10.26.56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/26 10.23.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft
[2010/03/25 12.13.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Non-Dedicated magazines
[2010/03/25 12.12.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Intermediate magazines
[2010/03/25 12.12.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Desktop\Dedicated magazines
[2010/03/22 12.39.26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Giorgia\Maximize Games
[2010/03/19 16.00.12 | 003,850,306 | ---- | C] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
[2009/06/05 17.40.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\myBabylon_English
[2009/01/23 18.40.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Apple
 
[color=\"#E56717\"]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/04/03 12.41.54 | 058,476,103 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/03 12.35.33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/03 12.35.02 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A9DA7A23-CD4A-4ABC-8B76-499BB36F91B2}.job
[2010/04/03 12.34.13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/03 12.34.08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/03 12.34.06 | 267,964,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 19.17.38 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Giorgia\ntuser.dat
[2010/04/02 19.17.38 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Giorgia\ntuser.ini
[2010/04/02 13.50.12 | 005,326,442 | -H-- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/04/01 10.23.32 | 000,637,440 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTS.exe
[2010/03/31 18.49.56 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
[2010/03/31 18.25.38 | 000,000,676 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 18.24.06 | 005,918,720 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Giorgia\Desktop\mbam-setup.exe
[2010/03/31 17.51.05 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Giorgia\Desktop\OTL.exe
[2010/03/31 17.41.44 | 000,266,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/29 15.24.58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15.24.46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 18.24.27 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/03/28 15.29.03 | 000,347,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/03/28 15.29.02 | 000,759,504 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 15.29.02 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/28 15.29.02 | 000,048,568 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/03/28 15.29.02 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/26 18.40.44 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/26 10.41.34 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/03/26 10.41.28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/03/26 10.41.26 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/03/26 10.40.46 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/03/26 10.40.38 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/03/25 12.09.16 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/19 16.00.12 | 003,850,306 | ---- | M] (Laurence Anthony) -- C:\Documents and Settings\Giorgia\Desktop\antconc3.2.1w.exe
 
[color=\"#E56717\"]========== Files Created - No Company Name ==========[/color]
 
[2010/03/31 18.25.38 | 000,000,676 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/28 18.02.51 | 000,002,423 | ---- | C] () -- C:\Documents and Settings\Giorgia\Desktop\HiJackThis.lnk
[2010/03/28 16.08.52 | 000,001,479 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2009/10/05 13.40.24 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Giorgia\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/10 18.23.57 | 000,002,528 | ---- | C] () -- C:\WINDOWS\FCIC.INI
[2009/01/09 02.45.34 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2003/02/19 02.26.28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
 
[color=\"#E56717\"]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 335 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:07557E0B
@Alternate Data Stream - 311 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:7A8B9BF3
@Alternate Data Stream - 307 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0A085469
@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:CDAD96F5
@Alternate Data Stream - 294 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:B9502C3B
@Alternate Data Stream - 292 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:74A6F815
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D8F9D810
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:E8CB831A
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:FA408F93
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:18BFD8F8
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:0D52F295
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:C213B3C4
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D02FBAEC
< End of report >


Bye
Logged

Offline joy

  • Jr. Member
  • **
  • Posts: 93
  • Karma: +0/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #17 on: April 03, 2010, 09:11:16 AM »
I'm trying to understand what can be wrong...
I mean, I changed my modem a couple of weeks ago. My old modem was broken.
I installed Linksys AM200 model for adsl with Ethernet. I did the online configuration as explained on the packaging.
I put in the data (PPPoA, automatic IP address).

Maybe I have problems with that thing...I don't know,I'm just trying to understand...

Thanks
Bye
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
Problems with my internet connection and AV7
« Reply #18 on: April 04, 2010, 12:05:54 AM »
Download ComboFix from only this location:

[color=\"#0000FF\"]Link [/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

      --------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
Instructions for AVG9
To disable the Resident Shield, please:
    * Open AVG User Interface.
    * Double-click on the Resident Shield.
    * Un-tick the option Resident Shield active.
    * Save the changes.

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Reenable protection with AVG
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »