Jump to content

MathiasT

Honorary Members
 View Profile  See their activity

  • Posts

    23

  • Joined

  • Last visited

Reputation

0 Neutral
  1. MathiasT
    Hello! hmmm no, that id address doesn't look familiar at all... I'm typing this from my netbook, unfortunately my pc kept on crashing and I had a hard time trying to make it start again, so a friend offered to take it and check the hardware components. If he brings it back soon it would be great to try to sort out the combofix issue (I've already tried running it in safe mode btw, and with avira realtime protection turned off); if he doesn't, thanks a lot for helping me clarify the situation!
  2. MathiasT
    ah sorry i forgot to ask you: should i fix the "suspicious paths" Roguekiller found?
  3. MathiasT
    I still get the same warning from combofix but the computer's been working fine so far! Thank you for your time and help
  4. MathiasT
    AdwCleaner: # AdwCleaner v2.009 - Logfile creato il 25/11/2012 alle 15:36:23 # Aggiornamento 24/11/2012 by Xplode # Sistema Operativo : Windows 7 Ultimate (64 bits) # Utente : Mario - MARIO-PC # Modalità Avvio : Modalità Normale # Eseguito da : C:\Users\Mario\Desktop\adwcleaner.exe # Opzioni [Elimina] ***** [servizi] ***** ***** [File / Cartelle] ***** File Eliminato : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml ***** [Registro] ***** Chiave Eliminata : HKCU\Software\AppDataLow\Software\free-downloads.net Chiave Eliminata : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4CB81F3C-37A1-4B5E-A339-16ACEC4FE5E4} Chiave Eliminata : HKCU\Software\OpenCandy Chiave Eliminata : HKCU\Software\Softonic Chiave Eliminata : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Chiave Eliminata : HKLM\SOFTWARE\Classes\Conduit.Engine Chiave Eliminata : HKLM\SOFTWARE\Classes\Toolbar.CT1098640 Chiave Eliminata : HKLM\Software\free-downloads.net Chiave Eliminata : HKLM\Software\Iminent Chiave Eliminata : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44E905B9-96F9-41D3-A329-0AC142025BFA} Valore Eliminata : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{ECDEE021-0D17-467F-A1FF-C7A115230949}] ***** [browser Internet] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registro Pulito. -\\ Google Chrome v23.0.1271.64 File : C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File Pulito. ************************* AdwCleaner[s1].txt - [1592 octets] - [25/11/2012 15:36:23] ########## EOF - C:\AdwCleaner[s1].txt - [1652 octets] ########## Junkware removal tool: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 3.5.0 (11.25.2012) OS: Windows 7 Ultimate x64 Ran by Mario on 25/11/2012 at 15:43:12,87 Blog: http://thisisudax.blogspot.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page Successfully repaired: [Registry Value] hkey_users\S-1-5-21-2004097902-3782746141-3115611571-1000\software\microsoft\internet explorer\main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Mario\appdata\locallow\myashampoo" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25/11/2012 at 15:46:27,83 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. MathiasT
    sorry for the late reply! I ran the complete scan and it didn't find any malware.
  6. MathiasT
    Looks like it'll take a while to complete...again thanks and i'll get back to you as soon as it's finished scanning
  7. MathiasT
    the quick scan didn't detect anything...should I try with the complete one?
  8. MathiasT
    The issue with malwarebytes blocking my internet connection has stopped. System looks fine to me now, maybe the crashes are hardware related...I'll check the power supply if there's no infection going on... RKreport2_S_11242012_02d1712.txt
  9. MathiasT
    It still won't run
  10. MathiasT
    the crashes I mean
  11. MathiasT
    Good news, i fixed the issue with malwarebytes by deleting these: 176.31.229.24 and 176.31.229.25, which were my primary and secondary DNS addresses in both my desktop pc and netbook. I have no idea where these addresses came from. At this is point IF the logs showed a clean system, could it be a hardware related issue?
  12. MathiasT
    *Trend Micro
  13. MathiasT
    Hello! I uninstalled Ad-Aware and myPcCleaner, I tried to unistall Trendo Micro (no idea what it is) too, but it doesn't show up using the search box...here are the results All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2004097902-3782746141-3115611571-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found. Registry value HKEY_USERS\S-1-5-21-2004097902-3782746141-3115611571-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ecdee021-0d17-467f-a1ff-c7a115230949} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\ not found. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&sporta in Microsoft Excel\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully. File Protocol\Handler\grooveLocalGWS - No CLSID value found not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. File Protocol\Handler\ms-help - No CLSID value found not found. 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. ADS C:\ProgramData\TEMP:E8BE05FA deleted successfully. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: AppData User: Default User: Default User User: Mario ->Java cache emptied: 663742 bytes User: Public Total Java Files Cleaned = 1,00 mb [EMPTYTEMP] User: All Users User: AppData User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Mario ->Temp folder emptied: 280329488 bytes ->Temporary Internet Files folder emptied: 73617565 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 332709474 bytes ->Flash cache emptied: 687 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 5935104 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67874 bytes RecycleBin emptied: 1996300 bytes Total Files Cleaned = 662,00 mb [EMPTYFLASH] User: All Users User: AppData User: Default User: Default User User: Mario ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 11242012_030205
  14. MathiasT
    Oh no, looks like the Extras log is not in english. I will of course translate if needed.
  15. MathiasT
    OTL OTL logfile created on: 24/11/2012 01:57:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,91% Memory free 8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 827,39 Gb Free Space | 88,83% Space Free | Partition Type: NTFS Drive E: | 298,08 Gb Total Space | 90,51 Gb Free Space | 30,36% Space Free | Partition Type: NTFS Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/24 01:37:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe PRC - [2012/11/21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe PRC - [2012/11/21 20:32:26 | 018,877,320 | ---- | M] (Lavasoft Limited) -- C:\PROGRA~2\AD-AWA~1\AdAware.exe PRC - [2012/11/16 10:09:00 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe PRC - [2012/11/12 12:00:39 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/11/07 09:27:40 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/11/07 09:27:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/11/06 22:16:50 | 000,485,272 | ---- | M] (Lavasoft.) -- C:\ProgramData\Search Protection\SearchProtection.exe PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe PRC - [2011/12/16 18:44:50 | 000,762,368 | ---- | M] (PService) -- C:\Users\Public\Documents\AppData\PoApp\PService.exe PRC - [2011/12/09 18:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2011/11/01 21:03:23 | 000,181,312 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe PRC - [2011/08/30 17:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe ========== Modules (No Company Name) ========== MOD - [2012/10/31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll MOD - [2012/10/31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012/10/31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012/06/15 12:17:28 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll MOD - [2012/06/15 11:56:52 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll MOD - [2012/06/15 11:56:46 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll MOD - [2012/05/10 17:30:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll MOD - [2012/05/10 17:30:02 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll MOD - [2012/05/10 17:29:21 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll MOD - [2012/05/10 17:29:19 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll MOD - [2012/05/10 17:29:17 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll MOD - [2012/05/10 17:29:04 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll MOD - [2009/07/19 10:05:12 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll MOD - [2009/06/10 22:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ========== Services (SafeList) ========== SRV:64bit: - [2011/07/28 22:35:34 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/11/21 20:32:30 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service) SRV - [2012/11/07 09:27:40 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/11/07 09:27:26 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/09/20 05:39:12 | 003,677,000 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc) SRV - [2012/06/14 17:52:34 | 000,161,280 | ---- | M] (SoftwareUpdService) [Auto | Stopped] -- C:\Users\Mario\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe -- (SoftwareUpd) SRV - [2012/04/03 19:59:46 | 000,169,472 | ---- | M] (PowerOfferService) [Auto | Stopped] -- C:\Users\Mario\AppData\Local\PosService\Pos.exe -- (PowerOffer Service) SRV - [2011/12/16 18:44:48 | 000,156,160 | ---- | M] (ServiceUpd) [Auto | Stopped] -- C:\Users\Mario\AppData\Local\ServUpdater\ServiceUpd.exe -- (ServUpdater) SRV - [2011/11/01 21:03:23 | 000,181,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe -- (ScsiAccess) SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/04/07 16:37:16 | 005,352,960 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Programmi\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService) SRV - [2010/03/25 13:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/23 22:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/11/22 20:12:34 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto) DRV:64bit: - [2012/11/12 12:00:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/11/12 12:00:58 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/11/07 09:27:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/09/29 20:23:31 | 000,503,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2011/07/28 23:23:16 | 009,980,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011/07/28 21:54:10 | 000,309,248 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011/06/06 23:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/09/23 02:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2009/09/23 02:46:17 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2009/09/23 02:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2009/09/23 02:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2009/08/23 13:08:08 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\InprocServer32 File not found IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://it.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = it IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 78 40 31 F2 75 CC 01 [binary data] IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - SOFTWARE\Classes\CLSID\{ecdee021-0d17-467f-a1ff-c7a115230949}\InprocServer32 File not found IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\SearchScopes,DefaultScope = $currentSearchProvider IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=A300199B67ED166653C28650AE790478&q={searchTerms} IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1098640 IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@raidcall.en/RCplugin: C:\Users\Mario\AppData\Roaming\raidcall\plugins\nprcplugin.dll (Raidcall) FF - HKLM\Software\MozillaPlugins\@raidcall.kr/RCplugin: C:\Users\Mario\AppData\Roaming\RCKR\plugins\nprcplugin.dll (Raidcall) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\opencandy.com/OpenCandyIgnite: C:\Users\Mario\AppData\Local\OpenCandy\Ignite\npIgnite.1.1.0.75.dll (OpenCandy, Inc.) [2011/09/28 21:59:51 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Photodex Presenter Plugin (Enabled) = C:\Users\Mario\AppData\Roaming\Mozilla\plugins\npPxPlay.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll CHR - plugin: Java Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Unity Player (Enabled) = C:\Users\Mario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll CHR - plugin: Google Update (Enabled) = C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Ignite (Enabled) = C:\Users\Mario\AppData\Local\OpenCandy\Ignite\npIgnite.1.1.0.75.dll CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Mario\AppData\Roaming\RCKR\plugins\nprcplugin.dll CHR - plugin: Raidcall plugin (Enabled) = C:\Users\Mario\AppData\Roaming\raidcall\plugins\nprcplugin.dll CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll File not found O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files (x86)\free-downloads.net\tbfree.dll File not found O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PosService] C:\Users\Public\Documents\AppData\PoApp\PLauncher.exe (PLauncher) O4 - HKLM..\Run: [RaidCall] C:\Program Files (x86)\RaidCall\raidcall.exe (RAIDCALL.COM) O4 - HKLM..\Run: [searchProtection] C:\ProgramData\Search Protection\_run.bat () O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O8:64bit: - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programmi\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE7ECB13-4F73-4B83-AE8A-2D074E959B26}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE7ECB13-4F73-4B83-AE8A-2D074E959B26}: NameServer = 176.31.229.24,176.31.229.25 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/01/26 21:18:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{6393f005-2a38-11e1-b94f-0022158ec1b6}\Shell - "" = AutoRun O33 - MountPoints2\{6393f005-2a38-11e1-b94f-0022158ec1b6}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/24 01:37:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe [2012/11/24 00:35:53 | 005,005,971 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe [2012/11/23 23:39:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\Malwarebytes anti rootkit [2012/11/23 23:09:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\dds.com [2012/11/23 20:02:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\RK_Quarantine [2012/11/23 19:09:26 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Mario\Desktop\aswMBR.exe [2012/11/23 01:21:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2012/11/23 01:21:44 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2012/11/22 23:37:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/11/22 23:37:08 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/11/22 22:01:27 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\PowerOffer [2012/11/22 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\ServUpdater [2012/11/22 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\PosService [2012/11/22 22:01:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AppData [2012/11/22 22:00:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus [2012/11/22 20:13:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus [2012/11/22 20:12:41 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\Downloaded Installations [2012/11/22 20:12:35 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012/11/22 20:12:35 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012/11/22 20:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Search Protection [2012/11/22 20:12:11 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\adawarebp [2012/11/22 20:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb [2012/11/22 20:10:57 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\SoftwareUpdater [2012/11/22 20:10:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPcCleaner [2012/11/22 20:10:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPcCleaner [2012/11/22 20:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/11/22 20:10:07 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/11/22 20:08:46 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Avira [2012/11/22 20:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012/11/22 20:05:13 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/22 20:05:13 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/22 20:05:13 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012/11/22 20:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012/11/22 20:05:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012/11/21 23:58:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Malwarebytes [2012/11/21 23:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/11/21 23:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/11/21 20:15:48 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\LavasoftStatistics [2012/11/21 20:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2012/11/21 20:10:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus [2012/11/21 20:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars [2012/11/21 20:09:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection [2012/11/21 20:09:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner [2012/11/21 20:08:34 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Ad-Aware Antivirus [2012/11/20 15:49:47 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012/11/20 15:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan [2012/11/20 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedFan [2012/11/20 15:46:28 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine [2012/11/20 15:44:33 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe [2012/11/20 15:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mario\Pavark [2012/11/10 18:09:38 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\RCKR [2012/11/05 17:46:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Roaming\dvdcss [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/11/24 01:37:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe [2012/11/24 01:36:00 | 000,001,160 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004097902-3782746141-3115611571-1000UA.job [2012/11/24 01:20:18 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/24 01:20:18 | 000,017,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/24 01:16:35 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012/11/24 01:15:07 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012/11/24 01:14:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/24 01:14:47 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2012/11/24 00:36:28 | 005,005,971 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe [2012/11/23 23:09:31 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\dds.com [2012/11/23 20:02:37 | 000,752,128 | ---- | M] () -- C:\Users\Mario\Desktop\RogueKiller.exe [2012/11/23 19:26:50 | 000,000,512 | ---- | M] () -- C:\Users\Mario\Desktop\MBR.dat [2012/11/23 19:09:57 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Mario\Desktop\aswMBR.exe [2012/11/23 12:50:22 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004097902-3782746141-3115611571-1000Core.job [2012/11/23 09:56:00 | 000,000,452 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mario.job [2012/11/23 01:21:44 | 000,002,975 | ---- | M] () -- C:\Users\Mario\Desktop\HiJackThis.lnk [2012/11/22 22:01:27 | 000,004,067 | ---- | M] () -- C:\Users\Mario\AppData\Local\unins000.dat [2012/11/22 22:01:07 | 000,715,038 | ---- | M] () -- C:\Users\Mario\AppData\Local\unins000.exe [2012/11/22 20:12:34 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe [2012/11/22 20:12:34 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys [2012/11/22 20:10:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/22 20:05:29 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/22 20:01:35 | 104,500,016 | ---- | M] () -- C:\Users\Mario\Desktop\avira_free_antivirus_it_13-0-0-450.exe [2012/11/22 17:43:24 | 000,000,797 | ---- | M] () -- C:\Users\Mario\Documents\ax_files.xml [2012/11/20 15:49:48 | 000,001,011 | ---- | M] () -- C:\Users\Mario\Desktop\SpeedFan.lnk [2012/11/20 15:49:47 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [2012/11/20 15:44:52 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe [2012/11/12 13:37:15 | 001,541,618 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/12 13:37:15 | 000,700,344 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012/11/12 13:37:15 | 000,616,590 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/12 13:37:15 | 000,128,424 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012/11/12 13:37:15 | 000,106,970 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/12 12:00:58 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2012/11/12 12:00:58 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012/11/07 09:27:55 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [5 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/23 20:02:34 | 000,752,128 | ---- | C] () -- C:\Users\Mario\Desktop\RogueKiller.exe [2012/11/23 19:26:50 | 000,000,512 | ---- | C] () -- C:\Users\Mario\Desktop\MBR.dat [2012/11/23 01:21:44 | 000,002,975 | ---- | C] () -- C:\Users\Mario\Desktop\HiJackThis.lnk [2012/11/22 22:01:26 | 000,715,038 | ---- | C] () -- C:\Users\Mario\AppData\Local\unins000.exe [2012/11/22 22:01:25 | 000,004,067 | ---- | C] () -- C:\Users\Mario\AppData\Local\unins000.dat [2012/11/22 20:13:02 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2012/11/22 20:10:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/11/22 20:05:29 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012/11/22 19:59:28 | 104,500,016 | ---- | C] () -- C:\Users\Mario\Desktop\avira_free_antivirus_it_13-0-0-450.exe [2012/11/20 15:49:48 | 000,001,011 | ---- | C] () -- C:\Users\Mario\Desktop\SpeedFan.lnk [2012/11/20 15:49:46 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012/06/07 15:06:15 | 000,004,608 | ---- | C] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/04 17:46:06 | 000,127,524 | ---- | C] () -- C:\Users\Mario\renoir-pergamena-libera.jpg [2011/12/14 17:17:32 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys [2011/10/03 11:53:16 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011/09/18 16:58:32 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2011/09/18 13:54:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011/08/24 19:19:10 | 000,056,320 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll [2011/03/17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012/11/22 00:11:42 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Ad-Aware Antivirus [2011/10/19 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Ashampoo [2011/10/19 21:44:14 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Canneverbe Limited [2011/10/19 21:27:31 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\EAC [2011/10/05 17:31:13 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Foxit Software [2012/02/07 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Garmin [2011/09/18 20:10:48 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\GlarySoft [2011/11/01 21:03:31 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Netscape [2011/11/02 00:02:41 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Photodex [2012/08/23 21:23:40 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\raidcall [2012/11/10 18:09:38 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\RCKR [2011/12/19 16:26:15 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Sports Interactive [2012/02/03 23:51:04 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\TeamViewer [2012/04/05 14:16:24 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Unity [2011/10/05 19:10:45 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\WinBatch ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:E8BE05FA < End of report > EXTRAS OTL Extras logfile created on: 24/11/2012 01:57:41 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 4,00 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 61,91% Memory free 8,00 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free Paging file location(s): c:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 827,39 Gb Free Space | 88,83% Space Free | Partition Type: NTFS Drive E: | 298,08 Gb Total Space | 90,51 Gb Free Space | 30,36% Space Free | Partition Type: NTFS Computer Name: MARIO-PC | User Name: Mario | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{021A2DAC-4337-4FB9-B02D-5FAC26159BE6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0B57F7D6-11BF-4A36-9E2D-E4E3C04F2DDA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1EF6C3C3-3656-4A43-BAF9-9A4F2DD98BB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{38865A5B-8A58-46AE-9ED4-9F7C1E9525B7}" = lport=10243 | protocol=6 | dir=in | app=system | "{43F901A6-4AC6-44B8-8C1B-F59DA876BA51}" = lport=139 | protocol=6 | dir=in | app=system | "{4655F39D-4E45-453E-978D-8F64696B7336}" = lport=138 | protocol=17 | dir=in | app=system | "{491935C7-6021-4BBB-9143-CCFD86343457}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{52BB37A8-3221-4A73-82F8-754054641689}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5EE92E05-19B5-411C-B3B2-B08D19958A48}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6BA2411F-CBF2-4F31-90D5-780B5DDAD601}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{6EAA5F92-5BD6-4C40-889C-B61DD70FB885}" = lport=445 | protocol=6 | dir=in | app=system | "{75881C33-CD5F-40BE-9325-052C431FA31E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7A0CA5E1-3089-4B26-A229-237C1BBA761E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{8FF7444E-9B0D-41D7-8424-3BB3B84D33E0}" = rport=139 | protocol=6 | dir=out | app=system | "{AA0D81AC-CBD3-41E3-BD45-C2A1284EEC7C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BB32B958-0558-4FAB-94A2-492678F3A3C0}" = lport=2869 | protocol=6 | dir=in | app=system | "{CDA9F814-AE9C-466E-B501-550EACB63AA8}" = lport=137 | protocol=17 | dir=in | app=system | "{D17CFECE-6570-4D88-B591-8957C23F180B}" = rport=138 | protocol=17 | dir=out | app=system | "{D46A0132-A96B-4504-96F7-CB02579BB69B}" = rport=10243 | protocol=6 | dir=out | app=system | "{E264BBE5-07AC-4FF9-8846-A418FD0A3E6D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E7A6C482-480C-4AF0-93B3-66367C585945}" = rport=445 | protocol=6 | dir=out | app=system | "{EC4F20F0-D689-421F-8D6D-8CE310CB9A0C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F219554B-5C6D-481F-A805-4FC1D2697ADF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{F9C98419-1918-44AD-B2CC-C53BB54FBEA5}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0EA68993-E0A7-4DBA-8BDC-741C61BD2FC3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{1EA7761C-305D-414F-A4AA-3C36749B49EB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{2402524B-3F06-4119-9A1B-D69F4123A515}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{2F857789-8702-40C5-9564-CE49E52B5726}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{3026F2C2-E384-4BEE-928E-7F89F682BA45}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{307CDB77-FFAE-43BB-BB40-64F82DFA6D6D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{43ED693C-3180-4DDD-A2D0-2FF68B4AAE41}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4562042E-EBFC-4C15-BD2D-1F474C01CCA8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{59E88740-229E-4515-8CC1-FB6D7203C9CF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{607B3B54-E4DE-4791-9616-48FD5513A244}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6D48AE60-647B-4F75-91AA-4CE37882631D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{70E0BBF0-8BC2-4747-A34F-400806F2CBD5}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{7201D5E4-5622-4ECE-9D2A-D92E65C24C15}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{831E645F-F9E4-46CF-BFC6-F58ACB8D4D4D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8FFFCA72-E7D3-4F07-BC24-D5F7D1BDFEB1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{91C0DCAF-B95F-4CA9-A994-E93FE845F953}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | "{92ED8C5A-A6CB-4CA0-8D24-D62BF552AEE4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{961A1910-6A4C-4C73-96B4-53E35B19A9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{992765F6-3743-4149-916E-CEF9682F6FDE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9D2D1FFD-FB8D-4B70-A059-A346C37B1DC2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A34C2A99-881D-4BB0-9F74-4E2E90BF9BD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{AA0BAD05-4F3F-4AF4-A966-C61320F7DD4F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AAD89F3C-1229-4BEC-92A5-3E5E9A4258AD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{BDD94DC5-7374-4BB0-959A-59B7FB826802}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | "{D414C832-EA3B-45AF-8209-301B62B52FF4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{D94264A6-61FB-4EAB-8AE4-0A49F0880C07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DB803321-6315-4857-A782-3A1B4B539D05}" = protocol=6 | dir=out | app=system | "{E0E42429-41ED-4FF6-95D2-E0CAD0A77A50}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{E59DF024-6826-4F31-A206-00B7EFA1A90B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE3B7693-6341-45CD-88AC-9CF87BC83E3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F26D2E33-D227-4BB2-A698-D58324CD5A97}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FBF6AB02-E06A-4DF1-BC26-88523834C11C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{248295F3-753D-4F37-BF9D-316DC0CFCB43}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{4D12B269-AEF3-4FD1-B9A6-7AF6DEB13B75}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{52A736B8-0839-4BD8-B3C6-B8CB563C6C00}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "TCP Query User{52C1AA5B-9021-48B5-A10A-223DA82B365D}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | "TCP Query User{5BA3BF02-C3DD-426A-A398-07A80AF220DC}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "TCP Query User{823C6BAB-1C99-4941-9588-ED8AF489E58E}C:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\max payne 3\maxpayne3.exe | "TCP Query User{900BFBEF-4EAA-448E-85FF-39D0DEA3011F}C:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\black_box\max payne 3\maxpayne3.exe | "TCP Query User{A6516CEB-61EC-49D2-B00B-9C120D4F98BA}C:\program files (x86)\Microsoft Office\Office12\GROOVE.EXE" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "TCP Query User{CD30D33B-B0F7-4C81-95C9-FE1E82F3F517}C:\dead island\deadislandgame.exe" = protocol=6 | dir=in | app=c:\dead island\deadislandgame.exe | "UDP Query User{320CAA36-6398-4707-AFB0-354A2D242CE3}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | "UDP Query User{4C664824-D10E-41B1-A3C1-015242CCCE5E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{57E6D294-B850-4A49-96D4-EEC1040B45F0}C:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\max payne 3\maxpayne3.exe | "UDP Query User{8DAE7C7A-3C6F-4285-9F36-1569C1CB4A77}C:\program files (x86)\black_box\max payne 3\maxpayne3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\black_box\max payne 3\maxpayne3.exe | "UDP Query User{A131BD56-C615-477B-B410-8B20F1811F7C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{BE8326DF-6EF5-4993-B7FC-FB6852D23D9C}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | "UDP Query User{D74AB1A7-9159-4331-B76C-13274B7992C9}C:\program files (x86)\Microsoft Office\Office12\GROOVE.EXE" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "UDP Query User{DBAE0AF5-5563-4FA5-BE9C-CF5214C34E42}C:\dead island\deadislandgame.exe" = protocol=17 | dir=in | app=c:\dead island\deadislandgame.exe | "UDP Query User{EB930E41-502A-4669-9824-FB9DCF9CFEDE}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{01D57CF6-B5BC-4D03-AFF5-7960CFBD05A9}" = Native Instruments Guitar Rig 5 "{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor "{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0410-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Italian) 2007 "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour "{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}" = Garmin Communicator Plugin x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MyDefrag v4.3.1_is1" = MyDefrag v4.3.1 "WinRAR archiver" = WinRAR 4.01 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{0B500125-92A7-40BF-ACF0-45A9221ADE21}_is1" = PowerOffer 2.0 "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{17079027-EB8A-42C6-9BF8-825B78889F6A}" = Garmin Communicator Plugin "{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10 "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java 6 Update 35 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635E8116-E451-4E27-BF28-AD11C489D28E}_is1" = MyPcCleaner versione 1.0 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{75D84EF7-0D8C-4e70-MAXP3-7B42A5D4E0EB}_is1" = Max Payne 3 version 1.02 "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{90120000-0015-0410-0000-0000000FF1CE}" = Microsoft Office Access MUI (Italian) 2007 "{90120000-0015-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007 "{90120000-0019-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007 "{90120000-001A-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0410-1000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0410-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Italian) 2007 "{90120000-0044-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0410-0000-0000000FF1CE}_ENTERPRISE_{C0C7E58F-D0A1-4102-855B-0B7AA2E8F1C1}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0410-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Italian) 2007 "{90120000-00BA-0410-0000-0000000FF1CE}_ENTERPRISE_{7F40286D-09A7-4DC0-A2A4-AA18D026D369}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{e05859e4-7455-4d01-a9dc-1da760a5d903}" = Ad-Aware Antivirus "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "5513-1208-7298-9440" = JDownloader 0.9 "adawaretb" = Ad-Aware Security Add-on "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "DeliPlayer2" = DeliPlayer "Deus Ex Human Revolution_is1" = Deus Ex Human Revolution "ENTERPRISE" = Microsoft Office Enterprise 2007 "Foxit Reader_is1" = Foxit Reader 5.0 "Fraps" = Fraps "Glary Utilities_is1" = Glary Utilities 2.37.0.1260 "Guild Wars" = GUILD WARS "Guild Wars 2" = Guild Wars 2 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.65.1.1000 "Native Instruments Controller Editor" = Native Instruments Controller Editor "Native Instruments Guitar Rig 5" = Native Instruments Guitar Rig 5 "Native Instruments Service Center" = Native Instruments Service Center "Photodex Presenter" = Photodex Presenter "ProShow Producer" = ProShow Producer "RaidCall" = RaidCall "Rockstar Games Social Club" = Rockstar Games Social Club "SpeedFan" = SpeedFan (remove only) "TeamViewer 6" = TeamViewer 6 "VLC media player" = VLC media player 1.1.11 "Winamp" = Winamp "Worms Reloaded_is1" = Worms Reloaded ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2004097902-3782746141-3115611571-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "OpenCandyIgnite" = OpenCandy Ignite "UnityWebPlayer" = Unity Web Player "Winamp Detect" = Winamp Detector Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23/11/2012 10:58:02 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Desktop\SoftonicDownloader_per_combofix (1).exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 10:58:07 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Desktop\SoftonicDownloader_per_combofix (1).exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 14:29:03 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\$Recycle.Bin\S-1-5-21-2004097902-3782746141-3115611571-1000\$RDV3NN9.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 14:29:03 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\$Recycle.Bin\S-1-5-21-2004097902-3782746141-3115611571-1000\$R9SLASW.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 17:14:27 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Downloads\SoftonicDownloader_per_svchost-process-analyzer.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 17:14:29 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Downloads\SoftonicDownloader_per_svchost-process-analyzer.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 17:14:31 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Downloads\SoftonicDownloader_per_svchost-process-analyzer.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 17:24:25 | Computer Name = Mario-PC | Source = SideBySide | ID = 16842832 Description = Generazione del contesto di attivazione non riuscita per "C:\Users\Mario\Downloads\SoftonicDownloader_per_svchost-process-analyzer.exe". Errore nel file manifesto o dei criteri "", alla riga . Una versione del componente richiesta dall'applicazione è in conflitto con un'altra versione del componente già attiva. Componenti in conflitto:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Componente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 23/11/2012 19:48:37 | Computer Name = Mario-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 23/11/2012 20:15:16 | Computer Name = Mario-PC | Source = PowerOffer Upd Service | ID = 0 Description = Impossibile avviare il servizio. Handle non valido [ System Events ] Error - 22/11/2012 13:27:50 | Computer Name = Mario-PC | Source = Service Control Manager | ID = 7000 Description = Il servizio Listener Gruppo Home non è stato avviato per il seguente errore: %%1069 Error - 22/11/2012 13:27:50 | Computer Name = Mario-PC | Source = Service Control Manager | ID = 7038 Description = Servizio SysMain: impossibile accedere come NT AUTHORITY\SYSTEM con la password attualmente configurata. Errore: %%50 Per garantire la corretta configurazione del servizio, utilizzare lo snap-in Servizi in Microsoft Management Console (MMC). Error - 22/11/2012 13:28:16 | Computer Name = Mario-PC | Source = Service Control Manager | ID = 7031 Description = Il servizio Servizio di condivisione in rete Windows Media Player è stato arrestato in modo imprevisto. Questo problema si è verificato 1 volta/e. Le seguenti azioni di correzione saranno eseguite tra 30000 millisecondi: Riavvia il servizio. Error - 22/11/2012 13:28:19 | Computer Name = Mario-PC | Source = Service Control Manager | ID = 7032 Description = Tentativo di eseguire un'azione di correzione (Riavvia il servizio) dopo l'arresto imprevista del servizio Servizio Interfaccia archivio di rete. Tentativo non riuscito per l'errore: %%1056 Error - 22/11/2012 14:50:53 | Computer Name = MARIO-PC | Source = BugCheck | ID = 1001 Description = Error - 22/11/2012 14:56:54 | Computer Name = Mario-PC | Source = DCOM | ID = 10010 Description = Error - 22/11/2012 15:03:07 | Computer Name = Mario-PC | Source = DCOM | ID = 10010 Description = Error - 22/11/2012 16:58:55 | Computer Name = Mario-PC | Source = DCOM | ID = 10010 Description = Error - 23/11/2012 18:36:42 | Computer Name = Mario-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 23/11/2012 20:13:46 | Computer Name = Mario-PC | Source = DCOM | ID = 10010 Description = < End of report >
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.