Solved AXWIN Frame Window: svchost.exe - Application Error

Discussion in 'Malware and Virus Removal Archive' started by lobo80, 2010/08/28.

  1. 2010/08/28
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    [Solved] AXWIN Frame Window: svchost.exe - Application Error

    Hello, I have a problem with my PC: an application error message appears on the monitor.
    I tried different malware-adaware software, but without luck.

    My full error reads:
    AXWIN Frame Window: svchost.exe - Application Error
    The instruction as "0x4503df76" referenced memory at "0x00000013". The memory could not be "read".

    The only option I get is to click ok to terminate the program. I find that if I click OK then the computer hangs and I can hardly do anything.
    If I just leave the error open then I can continue my work on trying to resolve the issue.

    Thanks for your help. I ran dds.exe, and below you can read my dds.txt log...



    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Vincenzo at 10.20.21,32 on 28/08/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2047.1236 [GMT 2:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\ESET\ESET Smart Security\egui.exe
    C:\Programmi\File comuni\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Application Updater\ApplicationUpdater.exe
    C:\Programmi\Desktop Media\mediadetect.exe
    C:\Documents and Settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe
    C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe
    C:\Programmi\UberIcon\UberIcon Manager.exe
    C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe
    C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe
    C:\Programmi\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Programmi\Java\jre6\bin\jqs.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
    C:\Programmi\Opera\opera.exe
    C:\Documents and Settings\Vincenzo\Documenti\apps\mIRC Italiano\mirc.exe
    C:\Documents and Settings\Vincenzo\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2420539
    uInternet Settings,ProxyOverride = local
    uURLSearchHooks: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\programmi\pdfforge toolbar\SearchSettings.dll
    uURLSearchHooks: TVlinks Toolbar: {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - c:\programmi\tvlinks\tbTVl1.dll
    mWinlogon: SfcDisable=-99 (0xffffff9d)
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\programmi\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programmi\java\jre6\bin\jp2ssv.dll
    BHO: TVlinks Toolbar: {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - c:\programmi\tvlinks\tbTVl1.dll
    BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\programmi\pdfforge toolbar\SearchSettings.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programmi\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\programmi\pdfforge toolbar\ie\1.1.2\pdfforgeToolbarIE.dll
    TB: TVlinks Toolbar: {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - c:\programmi\tvlinks\tbTVl1.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\documents and settings\vincenzo\desktop\messenger\msnmsgr.exe" /background
    uRun: [WMPNSCFG] c:\programmi\windows media player\WMPNSCFG.exe
    mRun: [AtiPTA] atiptaxx.exe
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [egui] "c:\programmi\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [SearchSettings] c:\programmi\pdfforge toolbar\SearchSettings.exe
    mRun: [SunJavaUpdateSched] "c:\programmi\file comuni\java\java update\jusched.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    StartupFolder: c:\docume~1\vincenzo\menuav~1\progra~1\esecuz~1\eventm~1.lnk - c:\documents and settings\vincenzo\documenti\apps\eventmanager\EventManager.exe
    StartupFolder: c:\docume~1\vincenzo\menuav~1\progra~1\esecuz~1\lclock.lnk - c:\documents and settings\vincenzo\documenti\apps\trasformare xp\lclock\lc162b\LClock.exe
    StartupFolder: c:\docume~1\vincenzo\menuav~1\progra~1\esecuz~1\uberic~1.lnk - c:\programmi\ubericon\UberIcon Manager.exe
    StartupFolder: c:\docume~1\vincenzo\menuav~1\progra~1\esecuz~1\yzshad~1.lnk - c:\documents and settings\vincenzo\documenti\apps\trasformare xp\yzshdw22\YzShadow.exe
    StartupFolder: c:\docume~1\alluse~1\menuav~1\progra~1\esecuz~1\deskto~1.lnk - c:\programmi\desktop media\mediadetect.exe
    uPolicies-explorer: NoSMHelp = 1 (0x1)
    uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    dPolicies-explorer: NoSMHelp = 1 (0x1)
    dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
    dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
    IE: Invia tramite Bluetooth - c:\programmi\ivt corporation\bluesoleil\transsend\ie\tsinfo.htm
    IE: Invia usando Messaggio(&M)... - c:\programmi\ivt corporation\bluesoleil\transsend\ie\tssms.htm
    IE: Scarica con Mipony - file://c:\documents and settings\vincenzo\desktop\mipony-installer\browser\IEContext.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
    DPF: {4819DFDF-ABC4-488C-A323-919848C51175}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {BC30DBFF-02EE-4EDE-B2A2-18A349CE0C9D} = 172.16.1.131,172.16.1.132
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\windows\system32\skype4com.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {5C240589-711B-0CB8-073B-9AA5122C2F9C} - c:\programmi\winlog.exe\sploov.exe s

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\vincenzo\datiap~1\mozilla\firefox\profiles\8chtt890.default\
    FF - plugin: c:\programmi\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\programmi\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\programmi\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\programmi\opera\program\plugins\nppl3260.dll
    FF - plugin: c:\programmi\opera\program\plugins\nprpjplug.dll
    FF - plugin: c:\programmi\veetle\player\npvlc.dll
    FF - plugin: c:\programmi\veetle\plugins\npVeetle.dll
    FF - plugin: c:\programmi\veetle\vlcbroadcast\npvbp.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\programmi\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\programmi\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\programmi\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\programmi\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\programmi\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-1-21 20744]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-8-17 64288]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
    R1 SASDIFSV;SASDIFSV;c:\docume~1\vincenzo\impost~1\temp\sas_selfextract\SASDIFSV.SYS [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\docume~1\vincenzo\impost~1\temp\sas_selfextract\SASKUTIL.sys [2010-5-10 67656]
    R2 Application Updater;Application Updater;c:\programmi\application updater\ApplicationUpdater.exe [2010-1-8 380928]
    R2 BsMobileCS;BsMobileCS;c:\programmi\ivt corporation\bluesoleil\BsMobileCS.exe [2009-2-27 143467]
    R2 ekrn;ESET Service;c:\programmi\eset\eset smart security\ekrn.exe [2009-5-14 731840]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\lavasoft\ad-aware\AAWService.exe [2010-7-12 1355416]
    R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-6-17 30088]
    R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-1-21 26248]
    R3 TTTvTune;Cinergy 400 TV Tuner;c:\windows\system32\drivers\PhTvTune.sys [2010-3-15 16128]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\programmi\lavasoft\ad-aware\kernexplorer.sys [2010-8-18 15008]
    S3 SASENUM;SASENUM;\??\c:\docume~1\vincenzo\impost~1\temp\sas_selfextract\sasenum.sys --> c:\docume~1\vincenzo\impost~1\temp\sas_selfextract\SASENUM.SYS [?]

    =============== Created Last 30 ================

    2010-08-18 11:00:00 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-08-18 09:50:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-08-17 15:45:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-08-17 15:39:00 0 dc-h--w- c:\docume~1\alluse~1\datiap~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    2010-08-17 15:38:41 0 d-----w- c:\programmi\Lavasoft
    2010-08-13 15:12:36 66 ---h--w- c:\windows\popcreg.dat
    2010-08-13 15:00:30 43 ----a-w- c:\windows\popcinfot.dat
    2010-08-13 14:37:13 0 d-----w- c:\docume~1\alluse~1\datiap~1\PopCap Games
    2010-08-12 14:58:59 4 ----a-w- C:\Conf.Mer
    2010-08-12 14:53:06 297472 ----a-w- c:\windows\uninst.exe
    2010-08-07 15:05:54 0 d-----w- c:\documents and settings\vincenzo\Portable HexenII
    2010-08-07 10:01:39 0 d-----w- c:\programmi\TeaTimer (Spybot - Search & Destroy)
    2010-08-07 10:01:39 0 d-----w- c:\programmi\File Scanner Library (Spybot - Search & Destroy)
    2010-08-07 10:01:36 0 d-----w- c:\programmi\SDHelper (Spybot - Search & Destroy)
    2010-08-07 10:01:36 0 d-----w- c:\programmi\Misc. Support Library (Spybot - Search & Destroy)
    2010-08-07 06:52:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-08-04 21:40:21 0 d-----w- c:\windows\system32\wbem\Repository
    2010-08-04 19:14:37 5 ----a-w- C:\zrpt.xml
    2010-08-03 20:54:14 4 ----a-w- c:\docume~1\vincenzo\datiap~1\avdrn.dat

    ==================== Find3M ====================

    2010-07-17 03:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-02 11:14:45 79044 ----a-w- c:\windows\system32\perfc010.dat
    2010-07-02 11:14:45 479366 ----a-w- c:\windows\system32\perfh010.dat
    2009-10-17 16:26:10 32768 --sha-w- c:\windows\system32\config\systemprofile\impostazioni locali\cronologia\history.ie5\mshist012009101720091018\index.dat

    ============= FINISH: 10.21.42,03 ===============
     
  2. 2010/08/28
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    And the contents of Attach.txt, please - as instructed here
     

  4. 2010/08/28
    lobo80

    lobo80 Inactive Thread Starter

    re:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 07/05/2005 17.24.05
    System Uptime: 28/08/2010 7.00.27 (3 hours ago)

    Motherboard: | | PM800-M2
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Socket 478 | 2795/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 379 GiB total, 82,912 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP75: 27/05/2010 20.56.07 - Punto di arresto del sistema
    RP76: 28/05/2010 22.35.58 - Punto di arresto del sistema
    RP77: 29/05/2010 16.51.34 - Installed Rapidshare Auto Downloader 4.1
    RP78: 31/05/2010 21.03.55 - Punto di arresto del sistema
    RP79: 02/06/2010 11.23.50 - Punto di arresto del sistema
    RP80: 03/06/2010 20.42.57 - Punto di arresto del sistema
    RP81: 07/06/2010 20.49.38 - Punto di arresto del sistema
    RP82: 09/06/2010 19.37.45 - Punto di arresto del sistema
    RP83: 10/06/2010 18.46.41 - Software Distribution Service 3.0
    RP84: 11/06/2010 12.27.38 - Software Distribution Service 3.0
    RP85: 15/06/2010 21.22.30 - Punto di arresto del sistema
    RP86: 15/06/2010 22.53.53 - Operazione di ripristino
    RP87: 16/06/2010 18.50.55 - Software Distribution Service 3.0
    RP88: 16/06/2010 20.48.12 - Installed Ashampoo Office 2010
    RP89: 16/06/2010 21.13.26 - Removed Ashampoo Office 2010
    RP90: 19/06/2010 21.58.46 - Punto di arresto del sistema
    RP91: 22/06/2010 1.02.24 - Punto di arresto del sistema
    RP92: 22/06/2010 23.01.22 - Removed Opera 10.53.
    RP93: 22/06/2010 23.01.40 - Installed Opera 10.54.
    RP94: 24/06/2010 1.13.54 - Punto di arresto del sistema
    RP95: 27/06/2010 0.10.37 - Punto di arresto del sistema
    RP96: 28/06/2010 1.03.37 - Punto di arresto del sistema
    RP97: 01/07/2010 0.26.36 - Punto di arresto del sistema
    RP98: 02/07/2010 10.32.24 - Punto di arresto del sistema
    RP99: 02/07/2010 11.44.30 - Removed Opera 10.54.
    RP100: 02/07/2010 11.44.47 - Installed Opera 10.60.
    RP101: 02/07/2010 13.10.23 - Installed Windows XP WIC.
    RP102: 02/07/2010 13.13.28 - Installed %1 %2.
    RP103: 02/07/2010 13.13.34 - Driver della stampante Microsoft XPS Document Writer installato
    RP104: 02/07/2010 13.16.14 - Installed %1 %2.
    RP105: 03/07/2010 0.29.56 - Software Distribution Service 3.0
    RP106: 03/07/2010 15.23.33 - Installed Zend Optimizer
    RP107: 03/07/2010 15.25.07 - Removed Zend Optimizer
    RP108: 15/07/2010 19.13.46 - Software Distribution Service 3.0
    RP109: 19/07/2010 11.29.25 - Punto di arresto del sistema
    RP110: 21/07/2010 22.06.02 - Punto di arresto del sistema
    RP111: 25/07/2010 19.55.44 - Punto di arresto del sistema
    RP112: 26/07/2010 22.35.51 - Installed MacDrive 8
    RP113: 26/07/2010 22.55.15 - Removed MacDrive 8
    RP114: 29/07/2010 17.58.47 - Punto di arresto del sistema
    RP115: 01/08/2010 23.52.46 - Punto di arresto del sistema
    RP116: 02/08/2010 22.33.19 - Software Distribution Service 3.0
    RP117: 04/08/2010 21.23.50 - Removed Opera 10.60.
    RP118: 04/08/2010 21.35.22 - Installed Opera 10.51.
    RP119: 04/08/2010 23.39.34 - Operazione di ripristino
    RP120: 04/08/2010 23.43.36 - Removed Opera 10.60.
    RP121: 04/08/2010 23.44.23 - Installed Opera 10.51.
    RP122: 05/08/2010 18.29.05 - Removed Opera 10.51.
    RP123: 05/08/2010 18.29.23 - Installed Opera 10.60.
    RP124: 07/08/2010 10.19.37 - Punto di arresto del sistema
    RP125: 07/08/2010 18.10.31 - Operazione di ripristino
    RP126: 11/08/2010 21.23.17 - Punto di arresto del sistema
    RP127: 13/08/2010 1.01.24 - Punto di arresto del sistema
    RP128: 14/08/2010 11.43.41 - Punto di arresto del sistema
    RP129: 16/08/2010 23.32.13 - Punto di arresto del sistema
    RP130: 17/08/2010 14.33.05 - Removed Opera 10.60.
    RP131: 17/08/2010 14.33.22 - Installed Opera 10.61.
    RP132: 23/08/2010 20.22.06 - Java(TM) 6 Update 21 installato
    RP133: 25/08/2010 17.49.13 - Punto di arresto del sistema

    ==== Installed Programs ======================

    AAC Decoder
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Aggiornamento della protezione for Windows Media Player 9 Series (KB969878)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB938127-v2)
    Aggiornamento della protezione per Windows Internet Explorer 7 (KB974455)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB971961)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB976325)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB978207)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB981332)
    Aggiornamento della protezione per Windows Internet Explorer 8 (KB982381)
    Aggiornamento della protezione per Windows Media Player (KB952069)
    Aggiornamento della protezione per Windows Media Player (KB954155)
    Aggiornamento della protezione per Windows Media Player (KB968816)
    Aggiornamento della protezione per Windows Media Player (KB973540)
    Aggiornamento della protezione per Windows Media Player (KB978695)
    Aggiornamento della protezione per Windows Media Player 11 (KB954154)
    Aggiornamento della protezione per Windows XP (KB923789)
    Aggiornamento della protezione per Windows XP (KB941569)
    Aggiornamento della protezione per Windows XP (KB950762)
    Aggiornamento della protezione per Windows XP (KB950974)
    Aggiornamento della protezione per Windows XP (KB951066)
    Aggiornamento della protezione per Windows XP (KB951376-v2)
    Aggiornamento della protezione per Windows XP (KB951748)
    Aggiornamento della protezione per Windows XP (KB952004)
    Aggiornamento della protezione per Windows XP (KB952954)
    Aggiornamento della protezione per Windows XP (KB954459)
    Aggiornamento della protezione per Windows XP (KB955069)
    Aggiornamento della protezione per Windows XP (KB956572)
    Aggiornamento della protezione per Windows XP (KB956744)
    Aggiornamento della protezione per Windows XP (KB956802)
    Aggiornamento della protezione per Windows XP (KB956803)
    Aggiornamento della protezione per Windows XP (KB956844)
    Aggiornamento della protezione per Windows XP (KB957097)
    Aggiornamento della protezione per Windows XP (KB958644)
    Aggiornamento della protezione per Windows XP (KB958687)
    Aggiornamento della protezione per Windows XP (KB958869)
    Aggiornamento della protezione per Windows XP (KB959426)
    Aggiornamento della protezione per Windows XP (KB960225)
    Aggiornamento della protezione per Windows XP (KB960803)
    Aggiornamento della protezione per Windows XP (KB960859)
    Aggiornamento della protezione per Windows XP (KB961371-v2)
    Aggiornamento della protezione per Windows XP (KB961501)
    Aggiornamento della protezione per Windows XP (KB968537)
    Aggiornamento della protezione per Windows XP (KB969059)
    Aggiornamento della protezione per Windows XP (KB969947)
    Aggiornamento della protezione per Windows XP (KB970238)
    Aggiornamento della protezione per Windows XP (KB970430)
    Aggiornamento della protezione per Windows XP (KB971468)
    Aggiornamento della protezione per Windows XP (KB971486)
    Aggiornamento della protezione per Windows XP (KB971557)
    Aggiornamento della protezione per Windows XP (KB971633)
    Aggiornamento della protezione per Windows XP (KB971657)
    Aggiornamento della protezione per Windows XP (KB971961)
    Aggiornamento della protezione per Windows XP (KB972270)
    Aggiornamento della protezione per Windows XP (KB973354)
    Aggiornamento della protezione per Windows XP (KB973507)
    Aggiornamento della protezione per Windows XP (KB973525)
    Aggiornamento della protezione per Windows XP (KB973869)
    Aggiornamento della protezione per Windows XP (KB973904)
    Aggiornamento della protezione per Windows XP (KB974112)
    Aggiornamento della protezione per Windows XP (KB974318)
    Aggiornamento della protezione per Windows XP (KB974392)
    Aggiornamento della protezione per Windows XP (KB974571)
    Aggiornamento della protezione per Windows XP (KB975025)
    Aggiornamento della protezione per Windows XP (KB975467)
    Aggiornamento della protezione per Windows XP (KB975560)
    Aggiornamento della protezione per Windows XP (KB975562)
    Aggiornamento della protezione per Windows XP (KB975713)
    Aggiornamento della protezione per Windows XP (KB977165)
    Aggiornamento della protezione per Windows XP (KB977816)
    Aggiornamento della protezione per Windows XP (KB977914)
    Aggiornamento della protezione per Windows XP (KB978037)
    Aggiornamento della protezione per Windows XP (KB978251)
    Aggiornamento della protezione per Windows XP (KB978262)
    Aggiornamento della protezione per Windows XP (KB978338)
    Aggiornamento della protezione per Windows XP (KB978542)
    Aggiornamento della protezione per Windows XP (KB978601)
    Aggiornamento della protezione per Windows XP (KB978706)
    Aggiornamento della protezione per Windows XP (KB979482)
    Aggiornamento della protezione per Windows XP (KB979559)
    Aggiornamento della protezione per Windows XP (KB979683)
    Aggiornamento della protezione per Windows XP (KB980195)
    Aggiornamento della protezione per Windows XP (KB980218)
    Aggiornamento della protezione per Windows XP (KB980232)
    Aggiornamento per Windows Internet Explorer 8 (KB975364)
    Aggiornamento per Windows Internet Explorer 8 (KB976662)
    Aggiornamento per Windows Internet Explorer 8 (KB980182)
    Aggiornamento per Windows XP (KB898461)
    Aggiornamento per Windows XP (KB951978)
    Aggiornamento per Windows XP (KB955759)
    Aggiornamento per Windows XP (KB967715)
    Aggiornamento per Windows XP (KB968389)
    Aggiornamento per Windows XP (KB971737)
    Aggiornamento per Windows XP (KB973687)
    Aggiornamento per Windows XP (KB973815)
    Aggiornamento rapido per Windows Media Player 11 (KB939683)
    Aggiornamento rapido per Windows XP (KB952287)
    Aggiornamento rapido per Windows XP (KB970653-v3)
    Aggiornamento rapido per Windows XP (KB976098-v2)
    Aggiornamento rapido per Windows XP (KB979306)
    Aggiornamento rapido per Windows XP (KB981793)
    ATI Display Driver (Omega 3.8.252)
    µTorrent
    AutoUpdate
    AVS Update Manager 1.0
    AVS Video Editor 4 4.2.1.166
    AVS Video Recorder 2.4 (Service Version)
    AVS YouTube Uploader version 2.1
    AVS4YOU Software Navigator 1.3
    Battlefield 2(TM)
    Bluesoleil 6.4.249.0
    Conviva LivePass
    Cool-Recorder v1.3
    Cripty3000
    Desktop Media 1.7
    DivX Codec
    DivX Converter
    DivX Plus DirectShow Filters
    DivX Version Checker
    DivX Web Player
    EPSON Scan
    ESET Smart Security
    H.264 Decoder
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows XP (KB915865)
    Image Resizer Powertoy Clone for Windows
    Java Auto Updater
    Java(TM) 6 Update 21
    K-Lite Mega Codec Pack 5.4.4
    LG USB Modem driver
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
    Microsoft .NET Framework 3.5
    Microsoft .NET Framework 3.5 - Language Pack (italiano)
    Microsoft .NET Framework 3.5 Language Pack - ita
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    mIRC
    MKV Splitter
    Mozilla Firefox (3.6.3)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero
    NodEnabler 3.4.1
    Nokia Connectivity Cable Driver
    Norton PartitionMagic
    Norton PartitionMagic 8.0
    OpenAL
    Opera 10.61
    Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    PC Connectivity Solution
    PDFCreator
    pdfforge Toolbar v1.1.2
    Platform
    QuickTime Alternative 3.0.0
    Radeon Omega Drivers v3.8.252 Setup Files and Tools
    Rapidshare Auto Downloader 4.1
    Realtek AC'97 Audio
    save2pc Pro 3.51
    Simon the Sorcerer
    Skype™ 4.1
    Trials 2 Second Edition
    TVAnts 1.0
    TVlinks Toolbar
    UberIcon 1.0.4
    Unlocker 1.8.7
    UUSee
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.17
    VIA Platform Device Manager
    VIA Rhine-Family Fast-Ethernet Adapter
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Imaging Component
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    WinRAR gestione archivi
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    XPort 360

    ==== End Of File ===========================
     
  5. 2010/08/28
    PeteC

    PeteC SuperGeek Staff

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  6. 2010/08/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Download the update from here if you have problems.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    Make sure that you restart the computer.

    ===============

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
    Last edited: 2010/08/28
  7. 2010/08/28
    lobo80

    re:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Versione database: 4494

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    28/08/2010 18.09.46
    mbam-log-2010-08-28 (18-09-46).txt

    Tipo di scansione: Scansione completa (C:\|)
    Elementi esaminati: 232723
    Tempo trascorso: 46 minuti, 50 secondi

    Processi infetti in memoria: 0
    Moduli di memoria infetti: 0
    Chiavi di registro infette: 0
    Valori di registro infetti: 1
    Voci infette nei dati di registro: 1
    Cartelle infette: 0
    File infetti: 28

    Processi infetti in memoria:
    (Non sono stati rilevati elementi nocivi)

    Moduli di memoria infetti:
    (Non sono stati rilevati elementi nocivi)

    Chiavi di registro infette:
    (Non sono stati rilevati elementi nocivi)

    Valori di registro infetti:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

    Voci infette nei dati di registro:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp (Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Cartelle infette:
    (Non sono stati rilevati elementi nocivi)

    File infetti:
    C:\Documents and Settings\Vincenzo\Documenti\apps\Portable_Infix_PDF_Editor_v3.28.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincenzo\Documenti\apps\IVT.BlueSoleil.v6.4.249.0.Incl.Keymaker-EMBRACE\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincenzo\Documenti\apps\DVDFabPortable\App\DVDFab6\dbghelp.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincenzo\Documenti\apps\Foxit Phantom v2 Portable\Portable Foxit Phantom v2.0.0.0424.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincenzo\Documenti\apps\Portable PDF Suite 2010 v9.0.32.36863 by Birungueta\Portable PDF Suite 2010 v9.0.32.36863.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Programmi\Save2pc pro 3.5.1\save2pc.pro.3.5.1.0-patch.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP119\A0028464.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP119\A0028465.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP119\A0028467.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP119\A0028513.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP125\A0033073.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP127\A0036347.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP131\A0040455.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP131\A0040569.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP131\A0040570.EXE (Rootkit.Dropper) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP133\A0043174.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP78\A0016313.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{1A2B3C4D-5E6F-7G8H-9I1L-MERC25042006}\RP84\A0017791.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F9F5C298-414A-4BFB-9B49-4823DE5CD96B}\RP65\A0017012.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F9F5C298-414A-4BFB-9B49-4823DE5CD96B}\RP67\A0018406.exe (Trojan.Patch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F9F5C298-414A-4BFB-9B49-4823DE5CD96B}\RP74\A0022405.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F9F5C298-414A-4BFB-9B49-4823DE5CD96B}\RP84\A0023902.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{F9F5C298-414A-4BFB-9B49-4823DE5CD96B}\RP88\A0026285.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\C8IV46P6\sjnvpnidk[1].htm (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\IR12ZJU2\jjelg[1].htm (Trojan.Zbot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\R56FCIDD\aaidkfmhfa[1].htm (Adware.BHO) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\R56FCIDD\bsvqbwql[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Vincenzo\Dati applicazioni\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.






    ======================




    All processes killed
    ========== FILES ==========
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Documenti

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 2525486 bytes
    ->Java cache emptied: 25654 bytes
    ->Flash cache emptied: 2221 bytes

    User: Vincenzo
    ->Temp folder emptied: 76630413 bytes
    ->Temporary Internet Files folder emptied: 20365491 bytes
    ->Java cache emptied: 42332 bytes
    ->FireFox cache emptied: 44665510 bytes
    ->Opera cache emptied: 3578214 bytes
    ->Flash cache emptied: 8542 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2352329 bytes
    %systemroot%\System32 .tmp files removed: 2885 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 85613500 bytes
    RecycleBin emptied: 3424667206 bytes

    Total Files Cleaned = 3.491,00 mb

    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.10.0 log created on 08282010_184620

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
    Last edited: 2010/08/28
  8. 2010/08/28
    lobo80

    :logs continue

    ===============




    OTL logfile created on: 28/08/2010 18.57.09 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vincenzo\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 378,91 Gb Total Space | 82,24 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FASTER
    Current User Name: Vincenzo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/28 12.35.46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\OTL.exe
    PRC - [2010/08/18 11.50.17 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/08/09 15.27.06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Programmi\Opera\opera.exe
    PRC - [2010/05/14 11.44.46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
    PRC - [2010/01/08 00.51.02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programmi\Application Updater\ApplicationUpdater.exe
    PRC - [2009/05/14 15.47.54 | 000,731,840 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET Smart Security\ekrn.exe
    PRC - [2009/05/14 15.47.08 | 002,029,640 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET Smart Security\egui.exe
    PRC - [2009/02/27 18.04.38 | 000,850,432 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2009/02/27 17.42.20 | 000,098,407 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
    PRC - [2009/02/27 17.40.48 | 000,143,467 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2009/02/04 19.38.32 | 000,180,224 | ---- | M] (Y'z) -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe
    PRC - [2008/07/22 12.18.44 | 000,163,840 | ---- | M] () -- C:\Programmi\Desktop Media\mediadetect.exe
    PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/17 20.10.04 | 000,159,744 | ---- | M] () -- C:\Programmi\UberIcon\UberIcon Manager.exe
    PRC - [2007/04/01 22.51.52 | 000,599,040 | ---- | M] (www.RoteBetaSoftware.net) -- C:\Documents and Settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe
    PRC - [2006/11/17 05.42.52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2004/09/19 20.27.44 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/28 12.35.46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\OTL.exe
    MOD - [2010/01/14 18.10.31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
    MOD - [2009/02/04 19.26.26 | 000,061,440 | ---- | M] (Y'z) -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.dll
    MOD - [2008/04/13 19.12.36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/03/10 07.39.02 | 000,090,112 | ---- | M] () -- C:\Programmi\UberIcon\UberIcon.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - [2010/08/28 12.53.31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/08/18 11.50.17 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/01/08 00.51.02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programmi\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/05/14 15.54.22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/05/14 15.47.54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Programmi\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2009/02/27 18.04.38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2009/02/27 17.42.20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2009/02/27 17.40.48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2008/09/08 08.59.00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2003/07/28 14.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
    DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Vincenzo\Desktop\Fresh-Diagnose-portable\FreshIO.sys -- (FreshIO)
    DRV - [2010/08/18 11.50.26 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/12 10.55.39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/01/04 19.39.13 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/05/14 15.49.26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
    DRV - [2009/05/14 15.49.26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/05/14 15.49.22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
    DRV - [2009/05/14 15.47.14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/05/14 15.41.10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2009/01/08 03.20.04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2009/01/08 00.39.36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/03 17.40.12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/12/07 13.44.54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/12/07 13.44.18 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
    DRV - [2008/08/26 11.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/21 09.52.00 | 000,074,112 | ---- | M] (EOS ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2008/07/02 15.58.48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/01/21 20.27.50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2007/01/25 16.37.16 | 004,027,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2006/11/22 14.41.18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programmi\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006/05/03 18.50.42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/24 19.36.16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 12.01.36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 12.01.18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/05/06 00.43.54 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2002/02/12 18.44.16 | 000,419,584 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
    DRV - [2002/02/12 18.44.14 | 000,016,128 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTvTune.sys -- (TTTvTune)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2420539
    IE - HKCU\..\URLSearchHook: {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/05/22 19.26.34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/08/23 20.22.40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET Smart Security\Mozilla Thunderbird [2009/10/18 10.14.51 | 000,000,000 | ---D | M]

    [2010/08/28 09.28.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Extensions
    [2010/08/28 09.28.34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/08/28 07.27.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions
    [2010/08/28 07.27.53 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/08/28 07.27.53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/05/22 19.36.44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/28 07.27.54 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/08/28 07.27.57 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
    [2010/08/23 20.22.41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05.00.04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/01 19.17.18 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
    [2010/04/01 19.17.18 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
    [2010/04/01 19.17.18 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
    [2010/04/01 19.17.18 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

    O1 HOSTS File: ([2010/08/28 18.46.59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
    O2 - BHO: (TVlinks Toolbar) - {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll File not found
    O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
    O3 - HKLM\..\Toolbar: (TVlinks Toolbar) - {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TVlinks Toolbar) - {DE7F8F69-D11F-4B97-9A00-B0E42DFDCC93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [SearchSettings] C:\Programmi\pdfforge Toolbar\SearchSettings.exe File not found
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [msnmsgr] C:\Documents and Settings\Vincenzo\Desktop\Messenger\msnmsgr.exe File not found
    O4 - HKLM..\RunOnceEx: [TITLE] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Desktop Media.lnk = C:\Programmi\Desktop Media\mediadetect.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe (www.RoteBetaSoftware.net)
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\LClock.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\UberIcon Manager.lnk = C:\Programmi\UberIcon\UberIcon Manager.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\YzShadow.exe.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe (Y'z)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O8 - Extra context menu item: Invia tramite Bluetooth - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Invia usando Messaggio(&M)... - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/17 18.24.45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/28 18.46.20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/28 18.40.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Mafia pc
    [2010/08/28 16.50.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Malwarebytes
    [2010/08/28 16.50.01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/28 16.49.59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/28 16.49.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
    [2010/08/28 16.49.58 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
    [2010/08/28 12.53.31 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Macrovision Shared
    [2010/08/28 12.53.05 | 000,000,000 | ---D | C] -- C:\Program Files
    [2010/08/28 12.35.31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\OTL.exe
    [2010/08/28 12.32.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Rosetta stone
    [2010/08/28 12.29.10 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vincenzo\Desktop\mbam-setup-1.46.exe
    [2010/08/28 09.24.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\ThunderbirdPortable
    [2010/08/27 18.17.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Chuzzle Deluxe
    [2010/08/24 18.45.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\somud128
    [2010/08/23 20.22.52 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
    [2010/08/18 11.50.31 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/17 17.45.34 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/08/17 17.44.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Sunbelt Software
    [2010/08/17 17.39.00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/17 17.38.41 | 000,000,000 | ---D | C] -- C:\Programmi\Lavasoft
    [2010/08/17 17.38.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
    [2010/08/13 17.07.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Universal Patches
    [2010/08/13 16.37.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap Games
    [2010/08/12 16.53.06 | 000,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2010/08/11 19.48.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Downloaded Installations
    [2010/08/10 19.07.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\temi e giochi xbox 360
    [2010/08/07 17.05.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Portable HexenII
    [2010/08/07 12.31.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Hot_MP3
    [2010/08/07 12.01.39 | 000,000,000 | ---D | C] -- C:\Programmi\TeaTimer (Spybot - Search & Destroy)
    [2010/08/07 12.01.39 | 000,000,000 | ---D | C] -- C:\Programmi\File Scanner Library (Spybot - Search & Destroy)
    [2010/08/07 12.01.36 | 000,000,000 | ---D | C] -- C:\Programmi\SDHelper (Spybot - Search & Destroy)
    [2010/08/07 12.01.36 | 000,000,000 | ---D | C] -- C:\Programmi\Misc. Support Library (Spybot - Search & Destroy)
    [2010/08/07 10.46.58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincenzo\Recent
    [2010/08/07 08.52.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Sun
    [2010/08/04 23.55.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
    [2010/08/04 21.32.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
    [2010/07/26 22.32.49 | 000,000,000 | ---D | C] -- C:\klient
    [2010/07/26 22.19.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\myiHome Library
    [2010/07/20 23.13.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\catania e dintorni
    [2010/07/03 15.22.42 | 000,000,000 | ---D | C] -- C:\root folder for web server
    [2010/07/02 13.42.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\GameTuts
    [2010/07/02 13.14.04 | 000,000,000 | ---D | C] -- C:\Programmi\MSBuild
    [2010/07/02 13.14.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/07/02 13.13.55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/07/02 13.13.54 | 000,000,000 | ---D | C] -- C:\Programmi\Reference Assemblies
    [2010/07/02 12.06.56 | 000,000,000 | ---D | C] -- C:\Programmi\XPort 360
    [2010/07/02 11.43.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Datel
    [2010/07/02 10.05.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\film hd
    [2010/06/27 16.35.07 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\uusee
    [2010/06/27 16.34.52 | 000,000,000 | ---D | C] -- C:\Programmi\UUSee
    [2010/06/25 23.16.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\mkvtoolnix
    [2010/06/12 16.46.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\Download
    [2010/06/12 00.16.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\RAD
    [2010/06/11 09.39.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\TVlinks
    [2010/06/11 09.39.02 | 000,000,000 | ---D | C] -- C:\Programmi\TVlinks
    [2010/06/02 10.54.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Annunci subito

    ========== Files - Modified Within 90 Days ==========

    [2080/10/08 13.09.48 | 000,083,365 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\Calendario perpetuo.pdf
    [2010/08/28 18.49.50 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/28 18.48.17 | 000,001,028 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
    [2010/08/28 18.48.09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/28 18.48.04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/28 18.47.17 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Vincenzo\ntuser.dat
    [2010/08/28 18.47.15 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\Vincenzo\ntuser.ini
    [2010/08/28 18.46.02 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{86246C64-CD55-448A-A092-B031C131E1A9}.job
    [2010/08/28 18.42.24 | 009,089,216 | -H-- | M] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\IconCache.db
    [2010/08/28 18.35.03 | 100,431,872 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Mf_CD2.part1.rar
    [2010/08/28 15.46.27 | 000,003,585 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\anto e bene.eml
    [2010/08/28 12.35.46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\OTL.exe
    [2010/08/28 12.30.08 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Vincenzo\Desktop\mbam-setup-1.46.exe
    [2010/08/28 11.21.08 | 733,377,752 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Senza.Apparente.Motivo-Incendiary.(M.Williams-E.McGregor).DvdRip.[By.Caly-AsTrA].AC3.avi
    [2010/08/28 11.04.27 | 000,000,667 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/28 10.44.23 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\gta4 codici.doc
    [2010/08/28 10.19.48 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\dds.scr
    [2010/08/28 09.55.40 | 000,075,562 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\dbxconv.zip
    [2010/08/28 08.14.15 | 000,086,984 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\senza apparente motivo.jpg
    [2010/08/28 08.10.27 | 013,613,346 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\gazzetta_20100828.pdf
    [2010/08/26 17.18.18 | 072,031,857 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\WinMagazineSettembre2010.pdf
    [2010/08/26 07.15.40 | 007,308,498 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Portable_Lingoes_Translator_v2.7.1_Beta.zip
    [2010/08/25 18.16.36 | 718,864,384 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ubuntu-10.04.1-desktop-i386.iso
    [2010/08/25 17.37.23 | 014,710,768 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ZumaDeluxe.rar
    [2010/08/25 17.28.11 | 000,000,066 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/08/25 17.28.11 | 000,000,043 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/24 20.10.39 | 050,838,536 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\IdeaWEB Settembre 2010.pdf
    [2010/08/23 21.15.41 | 000,001,300 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\PlantsVsZombies.lnk
    [2010/08/23 16.52.16 | 002,102,887 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Ubuntu-1004-guida-tascabile.pdf
    [2010/08/23 16.46.53 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/18 11.50.29 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/14 09.49.05 | 003,816,958 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ComboFix.exe
    [2010/08/13 23.50.58 | 002,013,990 | ---- | M] () -- C:\Documents
    [2010/08/13 17.20.29 | 046,527,528 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\EscapeRosecliffIslandSetup-it.exe
    [2010/08/13 17.19.31 | 040,471,064 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\AALostTombSetup-it.exe
    [2010/08/13 17.18.17 | 036,555,816 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\MysteryPINewYorkSetup-it.exe
    [2010/08/13 16.32.03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/12 16.58.59 | 000,000,004 | ---- | M] () -- C:\Conf.Mer
    [2010/08/08 01.23.43 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk
    [2010/08/07 12.38.49 | 005,483,552 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Keane, K_NAAN - Stop For A Minute.mp3
    [2010/08/04 21.14.38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/02 19.52.00 | 007,574,599 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Le nuove multe.pdf
    [2010/07/20 22.40.44 | 000,003,991 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\Oficina-PDF-icon.png
    [2010/07/12 10.55.39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/12 10.55.38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/07/06 20.22.23 | 000,065,871 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\air_i_breathe.jpg
    [2010/07/03 15.02.33 | 000,052,270 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\abarth logo.png
    [2010/07/02 13.42.00 | 000,016,712 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    [2010/07/02 13.39.13 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/02 13.14.45 | 000,479,366 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
    [2010/07/02 13.14.45 | 000,079,044 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
    [2010/07/02 13.14.44 | 001,066,462 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/02 13.14.44 | 000,433,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/02 13.14.44 | 000,067,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/13 16.45.28 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\JStreamTV.xml
    [2010/06/11 16.21.18 | 264,548,352 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\13x09 - Le mignott-one di Butters.avi

    ========== Files Created - No Company Name ==========

    [2010/08/28 17.59.48 | 100,431,872 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Mf_CD2.part1.rar
    [2010/08/28 15.46.27 | 000,003,585 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\anto e bene.eml
    [2010/08/28 10.44.22 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\gta4 codici.doc
    [2010/08/28 10.19.27 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\dds.scr
    [2010/08/28 10.10.47 | 733,377,752 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Senza.Apparente.Motivo-Incendiary.(M.Williams-E.McGregor).DvdRip.[By.Caly-AsTrA].AC3.avi
    [2010/08/28 09.55.40 | 000,075,562 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\dbxconv.zip
    [2010/08/28 08.14.15 | 000,086,984 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\senza apparente motivo.jpg
    [2010/08/28 08.07.20 | 013,613,346 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\gazzetta_20100828.pdf
    [2010/08/26 17.08.48 | 072,031,857 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\WinMagazineSettembre2010.pdf
    [2010/08/26 07.15.04 | 007,308,498 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Portable_Lingoes_Translator_v2.7.1_Beta.zip
    [2010/08/25 17.32.45 | 014,710,768 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ZumaDeluxe.rar
    [2010/08/25 17.23.25 | 718,864,384 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ubuntu-10.04.1-desktop-i386.iso
    [2010/08/24 20.06.29 | 050,838,536 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\IdeaWEB Settembre 2010.pdf
    [2010/08/23 21.15.41 | 000,001,300 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\PlantsVsZombies.lnk
    [2010/08/23 16.52.12 | 002,102,887 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Ubuntu-1004-guida-tascabile.pdf
    [2010/08/18 13.00.00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/08/18 11.42.14 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/14 09.48.42 | 003,816,958 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ComboFix.exe
    [2010/08/13 17.12.36 | 000,000,066 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/08/13 17.10.19 | 040,471,064 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\AALostTombSetup-it.exe
    [2010/08/13 17.10.05 | 046,527,528 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\EscapeRosecliffIslandSetup-it.exe
    [2010/08/13 17.09.27 | 036,555,816 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\MysteryPINewYorkSetup-it.exe
    [2010/08/13 17.00.30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/12 16.58.59 | 000,000,004 | ---- | C] () -- C:\Conf.Mer
    [2010/08/08 01.23.43 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk
    [2010/08/07 12.38.23 | 005,483,552 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Keane, K_NAAN - Stop For A Minute.mp3
    [2010/08/07 08.57.04 | 007,574,599 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Le nuove multe.pdf
    [2010/08/07 08.52.48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/04 21.14.37 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/08/01 23.52.43 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\Vincenzo\ntuser.dat
    [2010/07/26 22.17.11 | 264,486,912 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\12x06 - Internet dipendenti.avi
    [2010/07/26 22.16.44 | 264,548,352 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\13x09 - Le mignott-one di Butters.avi
    [2010/07/20 22.40.35 | 000,003,991 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Documenti\Oficina-PDF-icon.png
    [2010/07/06 20.22.23 | 000,065,871 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\air_i_breathe.jpg
    [2010/07/03 15.02.33 | 000,052,270 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Documenti\abarth logo.png
    [2010/07/02 13.14.37 | 000,072,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
    [2010/06/13 16.30.37 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\JStreamTV.xml
    [2010/05/18 20.38.09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2010/03/17 19.58.58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
    [2010/02/11 21.04.48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2010/02/11 21.04.47 | 000,002,410 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/01/04 19.39.13 | 000,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/01/02 01.35.55 | 000,001,570 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
    [2010/01/02 01.33.49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
    [2010/01/02 01.33.02 | 000,005,982 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
    [2010/01/02 01.32.57 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
    [2010/01/02 01.29.28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
    [2009/12/12 20.52.14 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\streamrai.ini
    [2009/12/02 11.34.58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/02 11.34.48 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/02 11.34.46 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/02 11.34.43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/12/02 11.34.42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/30 18.05.37 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/16 21.24.28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2009/11/10 12.48.17 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
    [2009/10/18 10.12.21 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/10/17 21.06.58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/10/17 19.58.19 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/10/17 19.54.51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2009/10/17 19.48.04 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2009/10/17 19.47.55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/06/17 15.02.46 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
    [2009/02/27 18.04.46 | 000,001,028 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
    [2009/02/27 17.45.16 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
    [2009/02/27 17.44.50 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
    [2009/02/27 17.44.28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
    [2009/02/27 17.44.10 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
    [2009/02/27 17.41.02 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
    [2009/02/27 17.40.50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
    [2009/02/27 17.38.40 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
    [2008/10/22 16.30.30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
    [2008/05/04 18.08.32 | 000,000,505 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/03/20 00.44.38 | 000,000,128 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/07 14.54.22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
    [2006/03/31 22.00.35 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
    [2003/01/07 17.05.08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/10/18 23.29.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BBox
    [2009/10/18 10.14.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
    [2009/10/24 17.50.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GoldWave
    [2010/01/02 01.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
    [2010/03/15 22.13.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo
    [2010/02/13 09.26.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LGMOBILEAX
    [2010/08/13 16.37.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap Games
    [2010/03/29 18.51.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SuperMP3Download
    [2009/10/18 23.28.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
    [2010/02/19 17.14.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\vsosdk
    [2010/08/17 17.39.03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/05/22 12.43.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Conviva
    [2010/07/02 11.43.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Datel
    [2009/11/30 18.02.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\DeviceDoctorSoftware
    [2009/11/19 21.47.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\EPSON
    [2009/10/18 10.15.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\ESET
    [2010/05/21 00.09.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Foxit Software
    [2010/03/14 12.28.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\FreshDiagnose
    [2010/04/24 12.03.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\GetRightToGo
    [2010/01/03 17.56.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mipony
    [2010/06/25 23.16.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\mkvtoolnix
    [2010/01/14 19.14.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\NwDocx
    [2009/10/17 20.01.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Opera
    [2010/01/28 19.26.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\ScummVM
    [2010/03/29 18.48.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\SuperMP3Download
    [2009/12/02 18.54.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\TeamViewer
    [2010/08/12 07.14.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Thinstall
    [2010/08/24 19.59.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\uTorrent
    [2010/01/03 17.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\VitySoft
    [2009/11/01 17.12.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Vso
    [2010/03/29 20.10.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\xWeasel
    [2010/08/28 18.49.50 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/08/28 18.46.02 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{86246C64-CD55-448A-A092-B031C131E1A9}.job

    ========== Purity Check ==========


    < End of report >
     
  9. 2010/08/28
    lobo80

    Continue with log "extras":

    OTL Extras logfile created on: 28/08/2010 18.57.10 - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vincenzo\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 378,91 Gb Total Space | 82,24 Gb Free Space | 21,70% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FASTER
    Current User Name: Vincenzo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- C:\Programmi\Opera\Opera.exe (Opera Software)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = Opera.HTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    http [open] -- "C:\Programmi\Opera\opera.exe" (Opera Software)
    https [open] -- "C:\Programmi\Opera\opera.exe" (Opera Software)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k cd "%L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "46403:TCP" = 46403:TCP:*:Enabled:SPF Port 46403 TCP
    "46403:UDP" = 46403:UDP:*:Enabled:porta in uscita
    "4662:UDP" = 4662:UDP:*:Enabled:SPF Port 4662 UDP
    "4662:TCP" = 4662:TCP:*:Enabled:SPF Port 4662 TCP
    "4663:UDP" = 4663:UDP:*:Enabled:SPF Port 4663 UDP
    "4663:TCP" = 4663:TCP:*:Enabled:SPF Port 4663 TCP
    "4664:UDP" = 4664:UDP:*:Enabled:SPF Port 4664 UDP
    "4664:TCP" = 4664:TCP:*:Enabled:SPF Port 4664 TCP
    "4665:UDP" = 4665:UDP:*:Enabled:SPF Port 4665 UDP
    "4665:TCP" = 4665:TCP:*:Enabled:SPF Port 4665 TCP
    "4666:UDP" = 4666:UDP:*:Enabled:SPF Port 4666 UDP
    "4666:TCP" = 4666:TCP:*:Enabled:SPF Port 4666 TCP
    "4667:UDP" = 4667:UDP:*:Enabled:SPF Port 4667 UDP
    "4667:TCP" = 4667:TCP:*:Enabled:SPF Port 4667 TCP
    "4668:UDP" = 4668:UDP:*:Enabled:SPF Port 4668 UDP
    "4668:TCP" = 4668:TCP:*:Enabled:SPF Port 4668 TCP
    "4669:UDP" = 4669:UDP:*:Enabled:SPF Port 4669 UDP
    "4669:TCP" = 4669:TCP:*:Enabled:SPF Port 4669 TCP
    "4670:UDP" = 4670:UDP:*:Enabled:SPF Port 4670 UDP
    "4670:TCP" = 4670:TCP:*:Enabled:SPF Port 4670 TCP
    "4671:UDP" = 4671:UDP:*:Enabled:SPF Port 4671 UDP
    "4671:TCP" = 4671:TCP:*:Enabled:SPF Port 4671 TCP
    "4672:UDP" = 4672:UDP:*:Enabled:SPF Port 4672 UDP
    "4672:TCP" = 4672:TCP:*:Enabled:SPF Port 4672 TCP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Servizio di condivisione in rete Windows Media Player
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Programmi\Opera\opera.exe" = C:\Programmi\Opera\opera.exe:*:Enabled:Opera -- (Opera Software)
    "C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:uTorrent.exe -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Vincenzo\Documenti\apps\utorrent.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\Vincenzo\Desktop\lphant\eLePhantClient.exe" = C:\Documents and Settings\Vincenzo\Desktop\lphant\eLePhantClient.exe:*:Enabled:Lphant -- File not found
    "C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Skype.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Skype.exe:*:Enabled:Skype -- File not found
    "C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Plugin Manager\skypePM.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
    "C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
    "C:\Programmi\EA GAMES\Battlefield 2\BF2.exe" = C:\Programmi\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
    "C:\Documents and Settings\Vincenzo\Desktop\SkypePortable\App\Skype\Phone\Skype.exe" = C:\Documents and Settings\Vincenzo\Desktop\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype -- File not found
    "C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Phone\Skype.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\Skype 3.8.0.115 Portable\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
    "C:\Programmi\UUSee\UUSeePlayer.exe" = C:\Programmi\UUSee\UUSeePlayer.exe:*:Enabled:UUSEE -- ()
    "C:\Programmi\myiHome\app\myiHome-server.exe" = C:\Programmi\myiHome\app\myiHome-server.exe:*:Enabled:myiHome-server -- File not found
    "C:\Documents and Settings\Vincenzo\Documenti\apps\DreaMule 3.2\DreaMule.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\DreaMule 3.2\DreaMule.exe:*:Enabled:Dreamule -- (http://www.dreamule.org)
    "C:\Documents and Settings\Vincenzo\Documenti\apps\mIRC Italiano\mirc.exe" = C:\Documents and Settings\Vincenzo\Documenti\apps\mIRC Italiano\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Documents and Settings\Vincenzo\Desktop\eM0.50aPortable\emule.exe" = C:\Documents and Settings\Vincenzo\Desktop\eM0.50aPortable\emule.exe:*:Enabled:eMule -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1E5F3CC6-D390-4393-A2AA-6CEC04F1705A}" = Image Resizer Powertoy Clone for Windows
    "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 21
    "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
    "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
    "{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
    "{59EC5F32-D8D7-3909-B0CB-255AD09F5993}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ITA
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
    "{71CB2612-627C-3D58-8D82-B77444B27B6A}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - ITA
    "{71CBF9BB-7E07-4A9D-BF30-84C11810B242}" = ESET Smart Security
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{83258E90-1F76-4E13-9F60-A0F8ED41E76F}" = PC Connectivity Solution
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{9311A75A-D83D-37B5-8D49-88E7F5AB2762}" = Microsoft .NET Framework 3.5 Language Pack - ita
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B0B46A1F-EC96-44A4-A9FB-62FE33BAF7DE}" = Rapidshare Auto Downloader 4.1
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C0A871F9-D580-4404-9A69-A02CF3078C87}" = Bluesoleil 6.4.249.0
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "504244733D18C8F63FF584AEB290E3904E791693" = Pacchetto driver Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver (Omega 3.8.252)
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
    "AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
    "AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "ConvivaProxyIE" = Conviva LivePass
    "Cool-Recorder By CoolStreaming_is1" = Cool-Recorder v1.3
    "Cripty3000" = Cripty3000
    "Desktop Media_is1" = Desktop Media 1.7
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "EPSON Scanner" = EPSON Scan
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.4.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
    "Microsoft .NET Framework 3.5 Language Pack - ita" = Microsoft .NET Framework 3.5 - Language Pack (italiano)
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Nero9.4.26.0 Lite" = Nero
    "NodEnabler" = NodEnabler 3.4.1
    "OpenAL" = OpenAL
    "QuicktimeAlt_is1" = QuickTime Alternative 3.0.0
    "Radeon Omega Drivers for Windows 2k/XPv3.8.252" = Radeon Omega Drivers v3.8.252 Setup Files and Tools
    "save2pc Pro_is1" = save2pc Pro 3.51
    "Simon the Sorcerer" = Simon the Sorcerer
    "Trials 2 SE" = Trials 2 Second Edition
    "TVAnts 1.0" = TVAnts 1.0
    "TVlinks Toolbar" = TVlinks Toolbar
    "UberIcon_is1" = UberIcon 1.0.4
    "Unlocker" = Unlocker 1.8.7
    "uTorrent" = µTorrent
    "Veetle TV" = Veetle TV 0.9.17
    "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR gestione archivi
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XPort 360_is1" = XPort 360
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UUSee" = UUSee

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/07/2010 19.19.35 | Computer Name = FASTER | Source = EventSystem | ID = 4609
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
    non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 44
    di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
    al Servizio Supporto Tecnico Clienti Microsof

    Error - 25/07/2010 19.19.35 | Computer Name = FASTER | Source = VSS | ID = 8193
    Description = Errore del Servizio copia replicata del volume: errore inatteso durante
    il richiamo della routine CoCreateInstance. hr = 0x80040206.

    Error - 26/07/2010 2.25.21 | Computer Name = FASTER | Source = EventSystem | ID = 4609
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
    non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 44
    di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
    al Servizio Supporto Tecnico Clienti Microsof

    Error - 26/07/2010 2.25.21 | Computer Name = FASTER | Source = VSS | ID = 8193
    Description = Errore del Servizio copia replicata del volume: errore inatteso durante
    il richiamo della routine CoCreateInstance. hr = 0x80040206.

    Error - 26/07/2010 4.50.33 | Computer Name = FASTER | Source = EventSystem | ID = 4609
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
    non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 44
    di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
    al Servizio Supporto Tecnico Clienti Microsof

    Error - 26/07/2010 4.50.33 | Computer Name = FASTER | Source = VSS | ID = 8193
    Description = Errore del Servizio copia replicata del volume: errore inatteso durante
    il richiamo della routine CoCreateInstance. hr = 0x80040206.

    Error - 26/07/2010 5.23.13 | Computer Name = FASTER | Source = EventSystem | ID = 4609
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
    non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 44
    di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
    al Servizio Supporto Tecnico Clienti Microsof

    Error - 26/07/2010 5.23.13 | Computer Name = FASTER | Source = VSS | ID = 8193
    Description = Errore del Servizio copia replicata del volume: errore inatteso durante
    il richiamo della routine CoCreateInstance. hr = 0x80040206.

    Error - 26/07/2010 5.31.48 | Computer Name = FASTER | Source = EventSystem | ID = 4609
    Description = Il sistema di gestione degli eventi COM+ ha rilevato un codice restituito
    non valido durante l'elaborazione interna. Valore HRESULT 80070422 nella riga 44
    di d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Comunicare il problema
    al Servizio Supporto Tecnico Clienti Microsof

    Error - 26/07/2010 5.31.48 | Computer Name = FASTER | Source = VSS | ID = 8193
    Description = Errore del Servizio copia replicata del volume: errore inatteso durante
    il richiamo della routine CoCreateInstance. hr = 0x80040206.

    [ System Events ]
    Error - 28/08/2010 12.46.31 | Computer Name = FASTER | Source = Service Control Manager | ID = 7031
    Description = Il servizio Lavasoft Ad-Aware Service è terminato in modo imprevisto.
    Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno
    eseguite tra 5000 millisecondi: Riavvia il servizio.

    Error - 28/08/2010 12.46.31 | Computer Name = FASTER | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio BsMobileCS. Questo evento si
    è già verificato 1 volta(e).

    Error - 28/08/2010 12.46.31 | Computer Name = FASTER | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio Java Quick Starter. Questo evento
    si è già verificato 1 volta(e).

    Error - 28/08/2010 12.46.31 | Computer Name = FASTER | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio BlueSoleilCS. Questo evento si
    è già verificato 1 volta(e).

    Error - 28/08/2010 12.46.31 | Computer Name = FASTER | Source = Service Control Manager | ID = 7034
    Description = Interruzione imprevista del servizio BsHelpCS. Questo evento si è
    già verificato 1 volta(e).

    Error - 28/08/2010 12.47.04 | Computer Name = FASTER | Source = DCOM | ID = 10005
    Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
    il servizio EventSystem con gli argomenti " " per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 28/08/2010 12.48.21 | Computer Name = FASTER | Source = DCOM | ID = 10005
    Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
    il servizio EventSystem con gli argomenti " " per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 28/08/2010 12.48.37 | Computer Name = FASTER | Source = Service Control Manager | ID = 7001
    Description = Il servizio Notifica eventi di sistema dipende dal servizio Sistema
    di eventi COM+ che non è stato avviato per il seguente errore: %%1058

    Error - 28/08/2010 12.48.37 | Computer Name = FASTER | Source = Service Control Manager | ID = 7026
    Description = All'avvio non è stato possibile caricare i seguenti driver: SASDIFSV
    SASKUTIL

    Error - 28/08/2010 12.48.45 | Computer Name = FASTER | Source = DCOM | ID = 10005
    Description = DCOM ha ricevuto l'errore "%1058" durante il tentativo di avviare
    il servizio EventSystem con gli argomenti " " per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  10. 2010/08/28
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      
      :OTL
      SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
      DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASKUTIL.sys -- (SASKUTIL)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASENUM.SYS -- (SASENUM)
      DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Vincenzo\IMPOST~1\Temp\SAS_SelfExtract\SASDIFSV.SYS -- (SASDIFSV)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Vincenzo\Desktop\Fresh-Diagnose-portable\FreshIO.sys -- (FreshIO)
      O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
      O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programmi\pdfforge Toolbar\SearchSettings.dll File not found
      O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programmi\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll File not found
      O4 - HKLM..\Run: [SearchSettings] C:\Programmi\pdfforge Toolbar\SearchSettings.exe File not found
      O4 - HKCU..\Run: [msnmsgr] C:\Documents and Settings\Vincenzo\Desktop\Messenger\msnmsgr.exe File not found
      O4 - HKLM..\RunOnceEx: [TITLE] File not found
      :Commands
      [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, reboot the PC when it is done.
    • Post log from this run.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    ==

    How is the PC now?
     
  11. 2010/08/29
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    re:

    I had not seen that you edited your previous post, so I didn't yet do what you said:


    I saw only your last post, where you say:

    ...and so I did only that for the moment, but during the reboot the system got stuck on the blue screen with the white "Windows XP" words and I had to reboot manually by pressing the button on the PC's front panel.
    When XP started correctly, OTL didn't give me any log as it did the first time,
    so for now I won't continue until you reply.

    I hope I have been clear in the description of events.
    What do I have to do now?
    Thanks
     
  12. 2010/08/29
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    If you just run OTL again (quick scan) and post the log, that will be fine.
     
  13. 2010/08/29
    lobo80

    lobo80 Inactive Thread Starter

    Joined:
    2010/08/28
    Messages:
    22
    Likes Received:
    0
    :re

    OTL logfile created on: 29/08/2010 10.33.19 - Run 2
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vincenzo\Desktop\logs vari
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
    4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
    Drive C: | 378,91 Gb Total Space | 77,09 Gb Free Space | 20,34% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: FASTER
    Current User Name: Vincenzo
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/28 12.35.46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\logs vari\OTL.exe
    PRC - [2010/08/18 11.50.17 | 001,355,416 | ---- | M] (Lavasoft) -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/08/09 15.27.06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Programmi\Opera\opera.exe
    PRC - [2010/05/14 11.44.46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
    PRC - [2010/01/08 00.51.02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programmi\Application Updater\ApplicationUpdater.exe
    PRC - [2009/05/14 15.47.54 | 000,731,840 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET Smart Security\ekrn.exe
    PRC - [2009/05/14 15.47.08 | 002,029,640 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET Smart Security\egui.exe
    PRC - [2009/02/27 18.04.38 | 000,850,432 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
    PRC - [2009/02/27 17.42.20 | 000,098,407 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
    PRC - [2009/02/27 17.40.48 | 000,143,467 | ---- | M] () -- C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe
    PRC - [2009/02/04 19.38.32 | 000,180,224 | ---- | M] (Y'z) -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe
    PRC - [2008/07/22 12.18.44 | 000,163,840 | ---- | M] () -- C:\Programmi\Desktop Media\mediadetect.exe
    PRC - [2008/04/13 19.14.14 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Outlook Express\msimn.exe
    PRC - [2008/04/13 19.14.08 | 001,036,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/08/17 20.10.04 | 000,159,744 | ---- | M] () -- C:\Programmi\UberIcon\UberIcon Manager.exe
    PRC - [2007/04/01 22.51.52 | 000,599,040 | ---- | M] (www.RoteBetaSoftware.net) -- C:\Documents and Settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe
    PRC - [2006/11/17 05.42.52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
    PRC - [2004/09/19 20.27.44 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/28 12.35.46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vincenzo\Desktop\logs vari\OTL.exe
    MOD - [2010/01/14 18.10.31 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll
    MOD - [2009/02/04 19.26.26 | 000,061,440 | ---- | M] (Y'z) -- C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.dll
    MOD - [2008/04/13 19.12.36 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2007/03/10 07.39.02 | 000,090,112 | ---- | M] () -- C:\Programmi\UberIcon\UberIcon.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/08/28 12.53.31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/08/18 11.50.17 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/01/08 00.51.02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programmi\Application Updater\ApplicationUpdater.exe -- (Application Updater)
    SRV - [2009/05/14 15.54.22 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programmi\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2009/05/14 15.47.54 | 000,731,840 | ---- | M] (ESET) [Auto | Running] -- C:\Programmi\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2009/02/27 18.04.38 | 000,850,432 | ---- | M] () [Auto | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
    SRV - [2009/02/27 17.42.20 | 000,098,407 | ---- | M] () [On_Demand | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
    SRV - [2009/02/27 17.40.48 | 000,143,467 | ---- | M] () [Auto | Running] -- C:\Programmi\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
    SRV - [2008/09/08 08.59.00 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2003/07/28 14.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/08/18 11.50.26 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programmi\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
    DRV - [2010/07/12 10.55.39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/01/04 19.39.13 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/05/14 15.49.26 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
    DRV - [2009/05/14 15.49.26 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2009/05/14 15.49.22 | 000,133,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
    DRV - [2009/05/14 15.47.14 | 000,107,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2009/05/14 15.41.10 | 000,114,472 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2009/01/08 03.20.04 | 000,031,880 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
    DRV - [2009/01/08 00.39.36 | 000,020,744 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
    DRV - [2009/01/03 17.40.12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
    DRV - [2008/12/07 13.44.54 | 000,030,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetBus.sys -- (btnetBUs)
    DRV - [2008/12/07 13.44.18 | 000,014,088 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
    DRV - [2008/08/26 11.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2008/07/21 09.52.00 | 000,074,112 | ---- | M] (EOS ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2008/07/02 15.58.48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
    DRV - [2008/01/21 20.27.50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
    DRV - [2007/01/25 16.37.16 | 004,027,456 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2006/11/22 14.41.18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programmi\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
    DRV - [2006/05/03 18.50.42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/06/24 19.36.16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2005/05/26 12.01.36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2005/05/26 12.01.18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2004/05/06 00.43.54 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2002/02/12 18.44.16 | 000,419,584 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
    DRV - [2002/02/12 18.44.14 | 000,016,128 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PhTvTune.sys -- (TTTvTune)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2420539
    IE - HKCU\..\URLSearchHook: {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/05/22 19.26.34 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/08/23 20.22.40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET Smart Security\Mozilla Thunderbird [2009/10/18 10.14.51 | 000,000,000 | ---D | M]

    [2010/08/28 09.28.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Extensions
    [2010/08/28 09.28.34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/08/28 07.27.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions
    [2010/08/28 07.27.53 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/08/28 07.27.53 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/05/22 19.36.44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/08/28 07.27.54 | 000,000,000 | ---D | M] (FoxTab) -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mozilla\Firefox\Profiles\8chtt890.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2010/08/28 07.27.57 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
    [2010/08/23 20.22.41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/07/17 05.00.04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/01 19.17.18 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
    [2010/04/01 19.17.18 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
    [2010/04/01 19.17.18 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
    [2010/04/01 19.17.18 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

    O1 HOSTS File: ([2010/08/28 18.46.59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (TVlinks Toolbar) - {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (TVlinks Toolbar) - {de7f8f69-d11f-4b97-9a00-b0e42dfdcc93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (TVlinks Toolbar) - {DE7F8F69-D11F-4B97-9A00-B0E42DFDCC93} - C:\Programmi\TVlinks\tbTVl1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
    O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Desktop Media.lnk = C:\Programmi\Desktop Media\mediadetect.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\EventManager\EventManager.exe (www.RoteBetaSoftware.net)
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\LClock.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\Lclock\LC162b\LClock.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\UberIcon Manager.lnk = C:\Programmi\UberIcon\UberIcon Manager.exe ()
    O4 - Startup: C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\YzShadow.exe.lnk = C:\Documents and Settings\Vincenzo\Documenti\apps\Trasformare Xp\yzshdw22\YzShadow.exe (Y'z)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O8 - Extra context menu item: Invia tramite Bluetooth - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
    O8 - Extra context menu item: Invia usando Messaggio(&M)... - C:\Programmi\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
    O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
    O16 - DPF: {4819DFDF-ABC4-488C-A323-919848C51175} Reg Error: Value error. (Conviva LivePass)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/17 18.24.45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/28 19.12.40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\logs vari
    [2010/08/28 18.46.20 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/08/28 18.40.38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Mafia pc
    [2010/08/28 16.50.11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Malwarebytes
    [2010/08/28 16.50.01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/28 16.49.59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/28 16.49.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
    [2010/08/28 16.49.58 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
    [2010/08/28 12.53.31 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Macrovision Shared
    [2010/08/28 12.53.05 | 000,000,000 | ---D | C] -- C:\Program Files
    [2010/08/28 12.32.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Rosetta stone
    [2010/08/28 09.24.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\ThunderbirdPortable
    [2010/08/27 18.17.53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Chuzzle Deluxe
    [2010/08/24 18.45.14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\somud128
    [2010/08/23 20.22.52 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Java
    [2010/08/18 11.50.31 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/17 17.45.34 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/08/17 17.44.59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Sunbelt Software
    [2010/08/17 17.39.00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/08/17 17.38.41 | 000,000,000 | ---D | C] -- C:\Programmi\Lavasoft
    [2010/08/17 17.38.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
    [2010/08/13 17.07.29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Universal Patches
    [2010/08/13 16.37.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap Games
    [2010/08/12 16.53.06 | 000,297,472 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2010/08/11 19.48.41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Downloaded Installations
    [2010/08/10 19.07.23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\temi e giochi xbox 360
    [2010/08/07 17.05.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Portable HexenII
    [2010/08/07 12.31.58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\Hot_MP3
    [2010/08/07 12.01.39 | 000,000,000 | ---D | C] -- C:\Programmi\TeaTimer (Spybot - Search & Destroy)
    [2010/08/07 12.01.39 | 000,000,000 | ---D | C] -- C:\Programmi\File Scanner Library (Spybot - Search & Destroy)
    [2010/08/07 12.01.36 | 000,000,000 | ---D | C] -- C:\Programmi\SDHelper (Spybot - Search & Destroy)
    [2010/08/07 12.01.36 | 000,000,000 | ---D | C] -- C:\Programmi\Misc. Support Library (Spybot - Search & Destroy)
    [2010/08/07 10.46.58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vincenzo\Recent
    [2010/08/07 08.52.48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Sun
    [2010/08/04 23.55.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Adobe
    [2010/08/04 21.32.22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Dati applicazioni\Macromedia
    [2010/07/26 22.32.49 | 000,000,000 | ---D | C] -- C:\klient
    [2010/07/26 22.19.27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\myiHome Library
    [2010/07/20 23.13.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\catania e dintorni
    [2010/07/03 15.22.42 | 000,000,000 | ---D | C] -- C:\root folder for web server
    [2010/07/02 13.42.10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\GameTuts
    [2010/07/02 13.14.04 | 000,000,000 | ---D | C] -- C:\Programmi\MSBuild
    [2010/07/02 13.14.00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
    [2010/07/02 13.13.55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
    [2010/07/02 13.13.54 | 000,000,000 | ---D | C] -- C:\Programmi\Reference Assemblies
    [2010/07/02 12.06.56 | 000,000,000 | ---D | C] -- C:\Programmi\XPort 360
    [2010/07/02 11.43.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Datel
    [2010/07/02 10.05.37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\film hd
    [2010/06/27 16.35.07 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\uusee
    [2010/06/27 16.34.52 | 000,000,000 | ---D | C] -- C:\Programmi\UUSee
    [2010/06/25 23.16.57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\mkvtoolnix
    [2010/06/12 16.46.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\Download
    [2010/06/12 00.16.30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Documenti\RAD
    [2010/06/11 09.39.03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\TVlinks
    [2010/06/11 09.39.02 | 000,000,000 | ---D | C] -- C:\Programmi\TVlinks
    [2010/06/02 10.54.46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vincenzo\Desktop\Annunci subito

    ========== Files - Modified Within 90 Days ==========

    [2080/10/08 13.09.48 | 000,083,365 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\Calendario perpetuo.pdf
    [2010/08/29 10.32.22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{86246C64-CD55-448A-A092-B031C131E1A9}.job
    [2010/08/29 10.25.04 | 022,825,490 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\SPIN_Magazine_2010-09.pdf
    [2010/08/29 10.20.36 | 000,037,969 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Soundgarden_reunion_show_April_16__2010.torrent
    [2010/08/29 09.30.14 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/29 09.28.44 | 000,001,028 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
    [2010/08/29 09.28.36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/29 09.28.31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/29 09.25.16 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Vincenzo\ntuser.dat
    [2010/08/29 09.25.16 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\Vincenzo\ntuser.ini
    [2010/08/29 09.25.15 | 009,621,642 | -H-- | M] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\IconCache.db
    [2010/08/28 22.38.09 | 008,938,016 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall Tutorial How To Make Portable Appz.flv
    [2010/08/28 22.35.35 | 017,376,765 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\VMWARE Thinstall Portable Apps Tutorial.flv
    [2010/08/28 22.28.42 | 011,077,329 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\COME CREARE UN PROGRAMMA PORTATILE.flv
    [2010/08/28 22.18.52 | 002,694,534 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall in 50 seconds (tutorial).flv
    [2010/08/28 22.14.13 | 005,414,432 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall Tutorial How To Make Portable Appz.mp3
    [2010/08/28 15.46.27 | 000,003,585 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\anto e bene.eml
    [2010/08/28 11.21.08 | 733,377,752 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Senza.Apparente.Motivo-Incendiary.(M.Williams-E.McGregor).DvdRip.[By.Caly-AsTrA].AC3.avi
    [2010/08/28 11.04.27 | 000,000,667 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/28 10.44.23 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\gta4 codici.doc
    [2010/08/28 09.55.40 | 000,075,562 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\dbxconv.zip
    [2010/08/28 08.14.15 | 000,086,984 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\senza apparente motivo.jpg
    [2010/08/28 08.10.27 | 013,613,346 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\gazzetta_20100828.pdf
    [2010/08/26 17.18.18 | 072,031,857 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\WinMagazineSettembre2010.pdf
    [2010/08/26 07.15.40 | 007,308,498 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Portable_Lingoes_Translator_v2.7.1_Beta.zip
    [2010/08/25 18.16.36 | 718,864,384 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ubuntu-10.04.1-desktop-i386.iso
    [2010/08/25 17.37.23 | 014,710,768 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ZumaDeluxe.rar
    [2010/08/25 17.28.11 | 000,000,066 | -H-- | M] () -- C:\WINDOWS\popcreg.dat
    [2010/08/25 17.28.11 | 000,000,043 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/24 20.10.39 | 050,838,536 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\IdeaWEB Settembre 2010.pdf
    [2010/08/23 21.15.41 | 000,001,300 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\PlantsVsZombies.lnk
    [2010/08/23 16.52.16 | 002,102,887 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Ubuntu-1004-guida-tascabile.pdf
    [2010/08/23 16.46.53 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/18 11.50.29 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/08/14 09.49.05 | 003,816,958 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\ComboFix.exe
    [2010/08/13 23.50.58 | 002,013,990 | ---- | M] () -- C:\Documents
    [2010/08/13 17.20.29 | 046,527,528 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\EscapeRosecliffIslandSetup-it.exe
    [2010/08/13 17.19.31 | 040,471,064 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\AALostTombSetup-it.exe
    [2010/08/13 17.18.17 | 036,555,816 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\MysteryPINewYorkSetup-it.exe
    [2010/08/13 16.32.03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/12 16.58.59 | 000,000,004 | ---- | M] () -- C:\Conf.Mer
    [2010/08/08 01.23.43 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk
    [2010/08/07 12.38.49 | 005,483,552 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Keane, K_NAAN - Stop For A Minute.mp3
    [2010/08/04 21.14.38 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
    [2010/08/02 19.52.00 | 007,574,599 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\Le nuove multe.pdf
    [2010/07/20 22.40.44 | 000,003,991 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\Oficina-PDF-icon.png
    [2010/07/12 10.55.39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/07/12 10.55.38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/07/06 20.22.23 | 000,065,871 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\air_i_breathe.jpg
    [2010/07/03 15.02.33 | 000,052,270 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Documenti\abarth logo.png
    [2010/07/02 13.42.00 | 000,016,712 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
    [2010/07/02 13.39.13 | 000,116,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/02 13.14.45 | 000,479,366 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
    [2010/07/02 13.14.45 | 000,079,044 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
    [2010/07/02 13.14.44 | 001,066,462 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/02 13.14.44 | 000,433,250 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/02 13.14.44 | 000,067,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/13 16.45.28 | 000,000,361 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\JStreamTV.xml
    [2010/06/11 16.21.18 | 264,548,352 | ---- | M] () -- C:\Documents and Settings\Vincenzo\Desktop\13x09 - Le mignott-one di Butters.avi

    ========== Files Created - No Company Name ==========

    [2010/08/29 10.20.36 | 000,037,969 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Soundgarden_reunion_show_April_16__2010.torrent
    [2010/08/29 10.19.29 | 022,825,490 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\SPIN_Magazine_2010-09.pdf
    [2010/08/28 22.38.09 | 008,938,016 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall Tutorial How To Make Portable Appz.flv
    [2010/08/28 22.35.35 | 017,376,765 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\VMWARE Thinstall Portable Apps Tutorial.flv
    [2010/08/28 22.28.42 | 011,077,329 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\COME CREARE UN PROGRAMMA PORTATILE.flv
    [2010/08/28 22.18.56 | 002,694,534 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall in 50 seconds (tutorial).flv
    [2010/08/28 22.13.58 | 005,414,432 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Thinstall Tutorial How To Make Portable Appz.mp3
    [2010/08/28 15.46.27 | 000,003,585 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\anto e bene.eml
    [2010/08/28 10.44.22 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\gta4 codici.doc
    [2010/08/28 10.10.47 | 733,377,752 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Senza.Apparente.Motivo-Incendiary.(M.Williams-E.McGregor).DvdRip.[By.Caly-AsTrA].AC3.avi
    [2010/08/28 09.55.40 | 000,075,562 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\dbxconv.zip
    [2010/08/28 08.14.15 | 000,086,984 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\senza apparente motivo.jpg
    [2010/08/28 08.07.20 | 013,613,346 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\gazzetta_20100828.pdf
    [2010/08/26 17.08.48 | 072,031,857 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\WinMagazineSettembre2010.pdf
    [2010/08/26 07.15.04 | 007,308,498 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Portable_Lingoes_Translator_v2.7.1_Beta.zip
    [2010/08/25 17.32.45 | 014,710,768 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ZumaDeluxe.rar
    [2010/08/25 17.23.25 | 718,864,384 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ubuntu-10.04.1-desktop-i386.iso
    [2010/08/24 20.06.29 | 050,838,536 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\IdeaWEB Settembre 2010.pdf
    [2010/08/23 21.15.41 | 000,001,300 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\PlantsVsZombies.lnk
    [2010/08/23 16.52.12 | 002,102,887 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Ubuntu-1004-guida-tascabile.pdf
    [2010/08/18 13.00.00 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/08/18 11.42.14 | 000,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/08/14 09.48.42 | 003,816,958 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\ComboFix.exe
    [2010/08/13 17.12.36 | 000,000,066 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
    [2010/08/13 17.10.19 | 040,471,064 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\AALostTombSetup-it.exe
    [2010/08/13 17.10.05 | 046,527,528 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\EscapeRosecliffIslandSetup-it.exe
    [2010/08/13 17.09.27 | 036,555,816 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\MysteryPINewYorkSetup-it.exe
    [2010/08/13 17.00.30 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2010/08/12 16.58.59 | 000,000,004 | ---- | C] () -- C:\Conf.Mer
    [2010/08/08 01.23.43 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Menu Avvio\Programmi\Esecuzione automatica\EventManager.lnk
    [2010/08/07 12.38.23 | 005,483,552 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Keane, K_NAAN - Stop For A Minute.mp3
    [2010/08/07 08.57.04 | 007,574,599 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\Le nuove multe.pdf
    [2010/08/07 08.52.48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/08/04 21.14.37 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
    [2010/08/01 23.52.43 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\Vincenzo\ntuser.dat
    [2010/07/26 22.17.11 | 264,486,912 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\12x06 - Internet dipendenti.avi
    [2010/07/26 22.16.44 | 264,548,352 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\13x09 - Le mignott-one di Butters.avi
    [2010/07/20 22.40.35 | 000,003,991 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Documenti\Oficina-PDF-icon.png
    [2010/07/06 20.22.23 | 000,065,871 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Desktop\air_i_breathe.jpg
    [2010/07/03 15.02.33 | 000,052,270 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Documenti\abarth logo.png
    [2010/07/02 13.14.37 | 000,072,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\FontCache3.0.0.0.dat
    [2010/06/13 16.30.37 | 000,000,361 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\JStreamTV.xml
    [2010/05/18 20.38.09 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2010/03/17 19.58.58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BsMobileModel.ini
    [2010/02/11 21.04.48 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
    [2010/02/11 21.04.47 | 000,002,410 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2010/01/04 19.39.13 | 000,611,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2010/01/02 01.35.55 | 000,001,570 | ---- | C] () -- C:\WINDOWS\System32\SHORTCUT.INI
    [2010/01/02 01.33.49 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\REMOTEDEVICE.INI
    [2010/01/02 01.33.02 | 000,005,982 | ---- | C] () -- C:\WINDOWS\System32\LOCALSERVICE.INI
    [2010/01/02 01.32.57 | 000,000,098 | ---- | C] () -- C:\WINDOWS\System32\LOCALDEVICE.INI
    [2010/01/02 01.29.28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\BSPRINT.INI
    [2009/12/12 20.52.14 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Dati applicazioni\streamrai.ini
    [2009/12/02 11.34.58 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2009/12/02 11.34.48 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2009/12/02 11.34.46 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/02 11.34.43 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2009/12/02 11.34.42 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2009/11/30 18.05.37 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Vincenzo\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/16 21.24.28 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2009/11/10 12.48.17 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\bassmod.dll
    [2009/10/18 10.12.21 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/10/17 21.06.58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/10/17 19.58.19 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2009/10/17 19.54.51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
    [2009/10/17 19.48.04 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2009/10/17 19.47.55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
    [2009/06/17 15.02.46 | 000,030,088 | ---- | C] () -- C:\WINDOWS\System32\drivers\btnetBus.sys
    [2009/02/27 18.04.46 | 000,001,028 | ---- | C] () -- C:\WINDOWS\System32\bscs.ini
    [2009/02/27 17.45.16 | 000,405,589 | ---- | C] () -- C:\WINDOWS\System32\BsUI.dll
    [2009/02/27 17.44.50 | 000,278,647 | ---- | C] () -- C:\WINDOWS\System32\outlookAddin.dll
    [2009/02/27 17.44.28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HtmPrintHelper.dll
    [2009/02/27 17.44.10 | 000,622,693 | ---- | C] () -- C:\WINDOWS\System32\BSShell.dll
    [2009/02/27 17.41.02 | 000,122,976 | ---- | C] () -- C:\WINDOWS\System32\BsMobileSDK.dll
    [2009/02/27 17.40.50 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\BsMobileCSps.dll
    [2009/02/27 17.38.40 | 000,106,595 | ---- | C] () -- C:\WINDOWS\System32\Bs2Res.dll
    [2008/10/22 16.30.30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\BsVistaCommon.dll
    [2008/05/04 18.08.32 | 000,000,505 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2008/03/20 00.44.38 | 000,000,128 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/07 14.54.22 | 017,907,824 | ---- | C] () -- C:\WINDOWS\System32\BsLangInDepRes.dll
    [2006/03/31 22.00.35 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
    [2003/01/07 17.05.08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/10/18 23.29.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\BBox
    [2009/10/18 10.14.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
    [2009/10/24 17.50.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\GoldWave
    [2010/01/02 01.04.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations
    [2010/03/15 22.13.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\InterVideo
    [2010/02/13 09.26.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LGMOBILEAX
    [2010/08/13 16.37.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PopCap Games
    [2010/03/29 18.51.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SuperMP3Download
    [2009/10/18 23.28.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Temp
    [2010/02/19 17.14.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\vsosdk
    [2010/08/17 17.39.03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
    [2010/05/22 12.43.17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Conviva
    [2010/07/02 11.43.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Datel
    [2009/11/30 18.02.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\DeviceDoctorSoftware
    [2009/11/19 21.47.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\EPSON
    [2009/10/18 10.15.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\ESET
    [2010/05/21 00.09.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Foxit Software
    [2010/03/14 12.28.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\FreshDiagnose
    [2010/04/24 12.03.18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\GetRightToGo
    [2010/01/03 17.56.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Mipony
    [2010/06/25 23.16.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\mkvtoolnix
    [2010/01/14 19.14.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\NwDocx
    [2009/10/17 20.01.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Opera
    [2010/01/28 19.26.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\ScummVM
    [2010/03/29 18.48.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\SuperMP3Download
    [2009/12/02 18.54.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\TeamViewer
    [2010/08/12 07.14.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Thinstall
    [2010/08/24 19.59.40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\uTorrent
    [2010/01/03 17.50.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\VitySoft
    [2009/11/01 17.12.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\Vso
    [2010/03/29 20.10.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vincenzo\Dati applicazioni\xWeasel
    [2010/08/29 09.30.14 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/08/29 10.32.22 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{86246C64-CD55-448A-A092-B031C131E1A9}.job

    ========== Purity Check ==========


    < End of report >
     
  14. 2010/08/29
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Looks ok. How is the PC now?
     
  15. 2010/08/29
    lobo80

    lobo80 Inactive Thread Starter

    :continue..

    This time OTL didn't generate the file extra.txt :confused:

    As I told you, I didn't do it:

    What do you think?
    If it's necessary, I can do it now.
    I'll wait for your reply. :)
     
  16. 2010/08/29
    lobo80

    lobo80 Inactive Thread Starter

    :re

    The problem this topic is about appeared randomly during my Windows XP sessions.
    To know exactly if everything is ok, I should test the PC by using it for several days.
    If you want, I'll try it in the next few days and I will write my results in my next reply.
     
  17. 2010/08/29
    crunchie

    crunchie Inactive

    No worries. Do that and let me know how the PC is.
     
  18. 2010/08/29
    lobo80

    lobo80 Inactive Thread Starter

    :re

    ok, I'll tell you in the next few days.

    what do you think caused all the errors?
    a kind of malware?

    bye
     
  19. 2010/08/30
    crunchie

    crunchie Inactive

    Yes, but looks like we have got rid of it :).
     
  20. 2010/08/30
    lobo80

    lobo80 Inactive Thread Starter

    :re

    bad news:
    ten minutes ago the famous message appeared again :(

    what can i do now?
     
  21. 2010/08/30
    lobo80

    lobo80 Inactive Thread Starter

    :another error!

    I turned on my PC ten minutes ago, and another error appeared on the display.
    I also saw it in the last 3 weeks (when the first error didn't appear).

    My full error reads:
    "svchost.exe - application error "
    The instruction as "0x4503df76" referenced memory at "0x00000013 ". The memory could not be "read ".

    it's the same as the first error, but in this case it doesn't say "AXWIN Frame Window".
     
