
HijackThis Log: Please help Diagnose



#1 arthax83


Posted 24 May 2010 - 12:42 PM

Hi! I have a problem with my PC... it's very slow, even though I mounted it only one month ago. I think it's a virus problem, but I'm not an expert... so I hope somebody can help me to disinfect it before I decide to format!! :D This is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19.15.38, on 24/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVG\AVG9\avgchsvx.exe
C:\Programmi\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\AVG\AVG9\avgwdsvc.exe
C:\Programmi\Bluetooth Software\bin\btwdins.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AVG\AVG9\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\AVG\AVG9\avgemc.exe
C:\Programmi\AVG\AVG9\avgcsrvx.exe
C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Belkin\F5D8055\v1\Belkinwcui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Bluetooth Software\BTTray.exe
C:\Programmi\Belkin\F5D8051v2\Belkinwcui.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Programmi\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ASUS Update Checker] C:\Programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Programmi\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F5D8055v1] C:\Programmi\Belkin\F5D8055\v1\Belkinwcui.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe"



#2 myrti


Posted 26 May 2010 - 11:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 arthax83


Posted 26 May 2010 - 01:57 PM

Hi, and first of all thank you for your help.
Then: my machine is very slow. The launch of Windows XP requires 5 minutes, and then I have to wait another 15 minutes before I can do anything. After that, I can open programs or windows, but after some minutes my hard disk starts to charge something... I don't know what! It's like a cycle... after some minutes it works regularly, and then the same problem.

If it can help you, I was thinking of formatting my HD, and I wanted to make a partition on it first... but Magic Partition seems not to recognise my C hard disk.

Here are the results of the scan with OTL:

OTL logfile created on: 26/05/2010 20.22.43 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vale\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 931,51 Gb Total Space | 826,97 Gb Free Space | 88,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 114,48 Gb Total Space | 12,74 Gb Free Space | 11,13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIO
Current User Name: Vale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/26 20.20.18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vale\Desktop\OTL.exe
PRC - [2010/05/24 19.55.22 | 006,369,648 | ---- | M] (Prevx) -- C:\Programmi\Prevx\prevx.exe
PRC - [2010/04/07 15.00.04 | 005,758,976 | ---- | M] (http://www.emule-project.net) -- C:\Programmi\eMule\emule.exe
PRC - [2010/04/01 20.03.17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programmi\Mozilla Firefox\firefox.exe
PRC - [2010/02/26 02.21.50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Programmi\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2010/02/18 11.43.18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\File comuni\Java\Java Update\jusched.exe
PRC - [2010/01/29 23.20.26 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010/01/27 13.30.16 | 001,312,848 | ---- | M] (Logitech, Inc.) -- C:\Programmi\Logitech\SetPointP\SetPoint.exe
PRC - [2009/11/16 09.04.30 | 000,735,960 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/11/16 09.03.32 | 002,054,360 | ---- | M] (ESET) -- C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2009/09/30 19.58.42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Windows Live\Contacts\wlcomm.exe
PRC - [2009/08/21 11.22.50 | 001,427,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2009/08/19 16.44.56 | 000,603,136 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe
PRC - [2009/07/17 15.25.02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009/06/26 17.21.00 | 000,757,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX1000.exe
PRC - [2008/09/03 19.30.26 | 001,662,976 | ---- | M] (Belkin) -- C:\Programmi\Belkin\F5D8055\v1\Belkinwcui.exe
PRC - [2008/04/11 18.43.04 | 001,454,080 | ---- | M] (Belkin) -- C:\Programmi\Belkin\F5D8051v2\Belkinwcui.exe
PRC - [2007/05/17 23.45.33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft LifeCam\MSCamS32.exe
PRC - [2006/03/02 14.00.00 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/01 15.12.18 | 000,565,309 | ---- | M] (Broadcom Corporation) -- C:\Programmi\Bluetooth Software\BTTray.exe
PRC - [2004/10/01 15.06.34 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Programmi\Bluetooth Software\bin\btwdins.exe
PRC - [2004/06/03 10.51.27 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Programmi\Microsoft IntelliType Pro\type32.exe


========== Modules (SafeList) ==========

MOD - [2010/05/26 20.20.18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vale\Desktop\OTL.exe
MOD - [2010/05/14 07.35.01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Programmi\Norton 360\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 09.02.02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Programmi\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09.02.00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Programmi\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/03/02 14.00.00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2006/03/02 14.00.00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/24 19.55.22 | 006,369,648 | ---- | M] (Prevx) [Auto | Running] -- C:\Programmi\Prevx\prevx.exe -- (CSIScanner)
SRV - [2010/02/26 02.21.50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Programmi\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2010/01/29 23.17.14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programmi\File comuni\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/11/16 09.12.54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EHttpSrv)
SRV - [2009/11/16 09.04.30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2009/07/17 15.25.02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2007/05/17 23.45.33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programmi\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2004/10/01 15.06.34 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Programmi\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - [2010/05/24 21.22.57 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100525.034\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/24 21.22.26 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100525.034\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/24 20.44.57 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/24 19.55.23 | 000,057,248 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
DRV - [2010/05/24 19.55.23 | 000,030,320 | ---- | M] (Prevx) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\pxscan.sys -- (pxscan)
DRV - [2010/05/24 19.55.22 | 000,024,400 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/05/18 21.24.25 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100518.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/06 06.01.59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/29 19.44.04 | 000,537,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100429.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/04/29 07.03.51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/22 05.02.20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/22 04.29.50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/22 04.29.50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/03/04 11.00.00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/03/04 11.00.00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programmi\File comuni\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/02/26 02.22.57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/04 03.40.47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/11/16 09.06.50 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2009/11/16 09.03.36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/11/16 08.56.12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009/11/10 13.55.32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 13.55.08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 13.54.52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/08/17 13.16.06 | 001,390,976 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009/07/06 04.48.02 | 000,011,448 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009/06/26 17.21.02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/05/25 09.21.28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/30 15.44.46 | 000,619,136 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/07/26 06.48.00 | 006,097,536 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/07/09 08.11.34 | 000,022,016 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\RtNdPt5x.sys -- (RtNdPt5x)
DRV - [2008/05/26 15.42.06 | 000,017,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLVLAN.SYS -- (RTLVLAN)
DRV - [2008/01/23 14.00.44 | 000,025,984 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTLTEAMING.SYS -- (RTLTEAMING)
DRV - [2007/12/17 11.14.06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2005/01/07 17.07.18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/10/01 14.50.26 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004/10/01 14.50.20 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004/10/01 14.48.30 | 001,241,482 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004/08/22 16.31.48 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\d347prt.sys -- (d347prt)
DRV - [2004/08/22 16.31.10 | 000,155,136 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\d347bus.sys -- (d347bus)
DRV - [2004/08/13 04.56.20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23.07.56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Driver audio USB (WDM)
DRV - [2003/09/25 23.15.32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Programmi\Belkin\F5D8055\v1\GTNDIS5.sys -- (GTNDIS5)
DRV - [2002/09/16 17.14.32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1383384898-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-790525478-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: silvermel@pardal.de:1.3.5
FF - prefs.js..extensions.enabledItems: {7cc7c81a-dfac-4013-ac95-02ee389ae7e7}:2.0.7
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..extensions.enabledItems: {C1F83B1E-D6EE-11DE-B441-1AD556D89593}:1.15

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/05/26 10.01.14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Dati applicazioni\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/24 20.47.57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programmi\Mozilla Firefox\components [2010/04/15 19.10.37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programmi\Mozilla Firefox\plugins [2010/05/13 12.39.06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/26 18.30.17 | 000,000,000 | ---D | M]

[2010/04/15 19.10.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Extensions
[2010/05/26 15.29.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions
[2010/04/28 08.39.51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/16 11.19.51 | 000,000,000 | ---D | M] (Stratini-Stripe Point Nine) -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\{7cc7c81a-dfac-4013-ac95-02ee389ae7e7}
[2010/04/16 11.20.24 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010/05/12 10.28.51 | 000,000,000 | ---D | M] (Oxygen KDE) -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\{C1F83B1E-D6EE-11DE-B441-1AD556D89593}
[2010/04/16 11.21.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\noia2_option@kk.noia
[2010/04/16 11.14.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\silvermel@pardal.de
[2010/04/16 11.21.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\silvermelxt@pardal.de
[2010/05/12 10.28.51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vale\Dati applicazioni\Mozilla\Firefox\Profiles\uowbdnvm.default\extensions\{C1F83B1E-D6EE-11DE-B441-1AD556D89593}\chrome\mozapps\extensions
[2010/05/25 15.19.31 | 000,000,000 | ---D | M] -- C:\Programmi\Mozilla Firefox\extensions
[2010/04/23 14.08.50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programmi\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/23 14.08.36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programmi\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 19.17.18 | 000,000,744 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/04/01 19.17.18 | 000,000,825 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\hoepli.xml
[2010/04/01 19.17.18 | 000,001,182 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/04/01 19.17.18 | 000,000,953 | ---- | M] () -- C:\Programmi\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2006/03/02 14.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programmi\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (SafeOnline BHO) - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll (Prevx)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programmi\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Guida per l'accesso a Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programmi\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUS Update Checker] C:\Programmi\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [F5D8055v1] C:\Programmi\Belkin\F5D8055\v1\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [LifeCam] C:\Programmi\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QFan Help] C:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programmi\File comuni\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Programmi\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BTTray.lnk = C:\Programmi\Bluetooth Software\BTTray.exe (Broadcom Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Utility di rete wireless Belkin.lnk = C:\Programmi\Belkin\F5D8051v2\Belkinwcui.exe (Belkin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1383384898-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll - c:\Programmi\File comuni\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/15 10.42.03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/25 16.33.28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d53a6507-5489-11df-bef5-000b0d60dc98}\Shell\default\command - "" = C:\WINDOWS\System32\win.com -- [2006/03/02 14.00.00 | 000,018,432 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Rendering grafica vettoriale (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Binding dati Dynamic HTML per Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Modulo ricerca non in linea
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Creazione avanzata
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Guida di Internet Explorer
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - Classi Java DirectAnimation
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Aggiornamento della protezione per Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Strumenti di installazione di Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Miglioramenti sfoglia
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Accesso sito MSN
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Binding dati Dynamic HTML
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Font principali di Internet Explorer
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Utilità di pianificazione
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - Guida HTML
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/04/15 18.26.32 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/26 20.15.37 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vale\Desktop\OTL.exe
[2010/05/26 18.30.38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/26 18.30.16 | 000,000,000 | ---D | C] -- C:\Programmi\ESET
[2010/05/26 18.30.16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
[2010/05/25 11.36.13 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/25 11.36.13 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/25 11.36.13 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/05/25 11.36.12 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/05/25 11.36.12 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/05/25 11.36.12 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys
[2010/05/25 11.36.12 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/05/25 11.36.12 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/05/25 11.35.50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0402000.00C
[2010/05/24 20.47.46 | 000,107,368 | R--- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/05/24 20.44.57 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/24 20.44.57 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/24 20.44.52 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Symantec Shared
[2010/05/24 20.44.52 | 000,000,000 | ---D | C] -- C:\Programmi\Symantec
[2010/05/24 20.36.31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2010/05/24 20.36.29 | 000,000,000 | ---D | C] -- C:\Programmi\Windows Sidebar
[2010/05/24 20.36.29 | 000,000,000 | ---D | C] -- C:\Programmi\Norton 360
[2010/05/24 20.36.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Norton
[2010/05/24 20.36.19 | 000,000,000 | ---D | C] -- C:\Programmi\NortonInstaller
[2010/05/24 20.36.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\NortonInstaller
[2010/05/24 19.55.24 | 000,061,440 | ---- | C] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/05/24 19.55.23 | 000,057,248 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/24 19.55.23 | 000,030,320 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/24 19.55.22 | 000,024,400 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/24 19.55.22 | 000,000,000 | ---D | C] -- C:\Programmi\Prevx
[2010/05/24 19.55.05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\PrevxCSI
[2010/05/24 19.14.22 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2010/05/24 13.01.57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/24 11.59.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\Help
[2010/05/24 11.59.51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vale\Dati applicazioni\Help
[2010/05/22 14.20.10 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vale\Recent
[2010/05/22 14.11.01 | 000,000,000 | ---D | C] -- C:\Programmi\CCleaner
[2010/05/14 21.43.17 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/14 21.33.26 | 000,000,000 | ---D | C] -- C:\Programmi\Telltale Games
[2010/05/13 12.38.21 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Adobe
[2010/04/30 10.44.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\Aspyr
[2010/04/30 10.44.06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vale\Documenti\Aspyr
[2010/04/30 10.24.47 | 000,000,000 | ---D | C] -- C:\Programmi\Aspyr
[2010/04/30 10.24.15 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2010/04/30 02.27.42 | 000,000,000 | ---D | C] -- C:\Programmi\Microsoft Silverlight
[2010/04/29 16.57.47 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Blizzard Entertainment
[2010/04/16 16.23.28 | 000,155,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347bus.sys
[2010/04/16 16.23.28 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d347prt.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/26 20.31.39 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2010/05/26 20.20.18 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vale\Desktop\OTL.exe
[2010/05/26 09.48.42 | 000,194,909 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/26 09.48.37 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 09.48.10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 09.48.06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 00.04.15 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Vale\NTUSER.DAT
[2010/05/25 14.57.56 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/25 14.54.55 | 000,984,218 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/05/25 14.53.19 | 000,000,194 | -HS- | M] () -- C:\Documents and Settings\Vale\ntuser.ini
[2010/05/24 20.44.57 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/05/24 20.44.57 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/24 20.44.57 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/24 20.44.54 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/05/24 19.55.24 | 000,061,440 | ---- | M] (Prevx) -- C:\WINDOWS\System32\PxSecure.dll
[2010/05/24 19.55.23 | 000,057,248 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2010/05/24 19.55.23 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/05/24 19.55.22 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxkbf.sys
[2010/05/24 19.55.05 | 000,000,047 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/05/24 19.14.22 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\HiJackThis.lnk
[2010/05/24 15.35.04 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\vetriani fp 28.xls
[2010/05/24 15.35.01 | 000,085,837 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\vetriani 28.pdf
[2010/05/22 14.13.17 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\CCleaner.lnk
[2010/05/22 13.52.58 | 000,478,808 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2010/05/22 13.52.58 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/22 13.52.58 | 000,079,292 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2010/05/22 13.52.58 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/22 13.52.57 | 001,071,834 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 11.01.39 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\OL e MDM fino a 2010 06.xls
[2010/05/18 18.24.45 | 001,964,160 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\Vetriani 18 e 25.pdf
[2010/05/17 12.49.24 | 000,880,398 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\Valerio 13 maggio.pdf
[2010/05/14 21.43.17 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2010/05/14 21.41.23 | 000,001,979 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sam and Max - Season Two.lnk
[2010/05/14 08.40.03 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/09 12.35.48 | 000,007,295 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\n1452997668_1253.jpg
[2010/05/08 17.58.34 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 06.01.59 | 000,361,904 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/05/06 06.01.59 | 000,339,504 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/05/06 06.01.43 | 000,001,473 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/06 06.01.43 | 000,001,445 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/05 17.18.01 | 000,798,858 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\Valerio 7 maggio.pdf
[2010/04/30 10.43.44 | 000,000,678 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\Collegamento a GH3.lnk
[2010/04/30 03.33.25 | 006,916,148 | -H-- | M] () -- C:\Documents and Settings\Vale\Impostazioni locali\Dati applicazioni\IconCache.db
[2010/04/29 17.04.44 | 072,857,808 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\StarCraft2CinematicTrailer_EnglishEU.avi
[2010/04/29 17.01.53 | 000,240,142 | ---- | M] () -- C:\Documents and Settings\Vale\Desktop\wall3 starcraft2 logo.jpg
[2010/04/29 07.03.51 | 000,116,784 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\ironx86.sys
[2010/04/29 07.03.51 | 000,007,438 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/04/29 07.03.51 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/04/28 19.53.41 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Vale\Documenti\Cartelle condivise.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 14.54.45 | 000,984,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/05/25 11.36.13 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/05/25 11.36.13 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/05/25 11.36.13 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/05/25 11.36.13 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/05/25 11.36.13 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/05/25 11.36.13 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/05/25 11.36.12 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/05/25 11.36.12 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/05/25 11.36.12 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/05/25 11.36.12 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/05/25 11.36.12 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/05/25 11.36.12 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/05/25 11.36.12 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/05/25 11.36.12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/05/25 11.36.11 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/05/25 11.36.11 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/05/25 11.35.50 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/05/24 20.44.57 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/05/24 20.44.57 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/05/24 20.38.36 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/05/24 19.55.05 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/05/24 19.14.22 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\HiJackThis.lnk
[2010/05/24 15.35.01 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\vetriani fp 28.xls
[2010/05/24 15.34.40 | 000,085,837 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\vetriani 28.pdf
[2010/05/22 14.13.14 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\CCleaner.lnk
[2010/05/18 18.24.45 | 001,964,160 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\Vetriani 18 e 25.pdf
[2010/05/17 12.49.40 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\OL e MDM fino a 2010 06.xls
[2010/05/17 12.49.24 | 000,880,398 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\Valerio 13 maggio.pdf
[2010/05/14 21.41.23 | 000,001,979 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sam and Max - Season Two.lnk
[2010/05/09 12.35.48 | 000,007,295 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\n1452997668_1253.jpg
[2010/05/05 17.18.00 | 000,798,858 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\Valerio 7 maggio.pdf
[2010/04/30 10.43.44 | 000,000,678 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\Collegamento a GH3.lnk
[2010/04/29 17.01.53 | 000,240,142 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\wall3 starcraft2 logo.jpg
[2010/04/29 16.57.54 | 072,857,808 | ---- | C] () -- C:\Documents and Settings\Vale\Desktop\StarCraft2CinematicTrailer_EnglishEU.avi
[2010/04/15 20.10.58 | 000,005,116 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2010/04/15 16.27.15 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2010/04/15 16.27.15 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2010/04/15 16.27.03 | 000,011,448 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010/04/15 16.27.02 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2010/04/15 16.27.02 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2010/04/15 14.09.01 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/04/15 14.06.13 | 000,030,699 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010/04/15 14.04.36 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/04/15 14.04.30 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/04/15 14.04.26 | 000,021,211 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/04/15 14.04.26 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/06/26 17.21.02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2008/12/01 18.32.32 | 000,362,029 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2008/07/26 06.48.00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/26 06.48.00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/26 06.48.00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/26 06.48.00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/26 06.48.00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 09.02.34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 09.02.32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 09.02.32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 09.02.32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 08.58.26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2004/10/01 15.01.22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004/08/22 17.04.56 | 000,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2002/05/15 23.29.04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 18.18.00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13.56.00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/03/02 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 20.36.38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\agp440.sys

< MD5 for: ATAPI.SYS >
[2006/03/02 14.00.00 | 018,778,587 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 20.40.30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\atapi.sys
[2004/08/03 22.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006/03/02 14.00.00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22.59.44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 04.13.39 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=BD5FEE908FDD9CB09AA3E78111AB1119 -- C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\eventlog.dll
[2006/03/02 14.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/03/02 14.00.00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=D1CAA255F33C06C8302769A86FFB905E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2009/02/06 20.46.13 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=0908290F2D809BAB461E6AE8740B4EF9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 20.46.13 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=0908290F2D809BAB461E6AE8740B4EF9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/03/02 14.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/03/02 14.00.00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=926BB51BB6DE79DEDB93E9C2B0811CCF -- C:\WINDOWS\system32\netlogon.dll
[2008/04/14 04.13.46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=E1DACEE13CAF8E118416399ABD2A08D9 -- C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 04.13.49 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=034B4B1E882563562B35E1FAB279DEDF -- C:\WINDOWS\SoftwareDistribution\Download\073a8e9684d59d4923c2eb2e44aa36af\scecli.dll
[2006/03/02 14.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/03/02 14.00.00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=1446EB71ADF0F54980CDD7E5A812E102 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010/05/24 19.55.22 | 000,024,400 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010/05/24 19.55.23 | 000,057,248 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010/05/24 19.55.23 | 000,030,320 | ---- | M] (Prevx) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\pxscan.sys

< %systemroot%\System32\config\*.sav >
[2010/04/15 18.31.26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/04/15 18.31.26 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/04/15 18.31.26 | 000,454,656 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/15 20.11.02 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\drivers\AegisP.sys
[2010/04/22 18.05.04 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LNonPnP.sys
[2010/05/24 19.55.22 | 000,024,400 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxkbf.sys
[2010/05/24 19.55.23 | 000,057,248 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxrts.sys
[2010/05/24 19.55.23 | 000,030,320 | ---- | M] (Prevx) -- C:\WINDOWS\system32\drivers\pxscan.sys
[2010/04/16 20.23.58 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2010/05/24 20.44.57 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
< End of report >


And the other txt:
OTL Extras logfile created on: 26/05/2010 20.22.43 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Vale\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 931,51 Gb Total Space | 826,97 Gb Free Space | 88,78% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 114,48 Gb Total Space | 12,74 Gb Free Space | 11,13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALERIO
Current User Name: Vale
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-790525478-1383384898-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programmi\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programmi\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programmi\MSN Messenger\msncall.exe" = C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Microsoft LifeCam\LifeCam.exe" = C:\Programmi\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programmi\Microsoft LifeCam\LifeExp.exe" = C:\Programmi\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Programmi\eMule\emule.exe" = C:\Programmi\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programmi\MSN Messenger\msncall.exe" = C:\Programmi\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Programmi\Windows Live\Messenger\wlcsdk.exe" = C:\Programmi\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe" = C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword -- (Firaxis Games)
"C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe" = C:\Programmi\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:*:Enabled:Sid Meier's Civilization 4 Beyond the Sword Pitboss -- (Firaxis Games)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39A409D2-F7DF-4D52-B7F9-5E397A92B130}" = Belkin N1 Wireless USB Adapter Setup
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FDF4C9C-BFA0-43AE-B7D4-54BC33B1B0DA}" = NVIDIA PhysX v8.07.18
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49C77D21-F91F-4296-B7DF-19C5FF51AF4D}" = Windows Live Call
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE9A620-46A0-4BCF-82AC-950D2BBED982}" = Belkin N Wireless USB Adapter Setup
"{4FBD5BA1-64F0-46FB-818F-EA689D45C22A}" = Belkin N+ Wireless USB Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D7BDA00-A4DA-49F9-BAE4-7FB71FAA4737}" = Windows Live Essentials
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = Bluetooth Software
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{CFE9A1C8-0A2E-4536-84EE-B392E735E807}" = ESET NOD32 Antivirus
"{D61B4347-26FD-40F5-92B7-5D020E574DFE}" = OpenOffice.org 3.2
"{D87ED458-C738-42E9-9A6F-961CD715388B}" = Microsoft LifeCam
"{E0ABA486-A39B-4B96-BD80-757396151079}" = Windows Live Messenger
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner (remove only)
"eMule" = eMule
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Manager Piattaforma
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 Demo
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"N360" = Norton 360
"NVIDIA Drivers" = NVIDIA Drivers
"PCSI" = Prevx
"Sam and Max - Season Two" = Sam & Max - Season Two
"SP6" = Logitech SetPoint 6.0
"VLC media player" = VLC media player 1.0.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR gestione archivi
"WMFDist11" = Windows Media Format 11 runtime
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18/04/2010 18.09.59 | Computer Name = VALERIO | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Programmi\Driver Whiz\Driver Whiz\DriverWhiz.exe . Error
code = 0x80131047

Error - 20/04/2010 12.46.30 | Computer Name = VALERIO | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore civ4beyondsword.exe, versione
3.0.0.91, modulo che ha provocato l'errore cvgamecoredll.dll, versione 1.0.0.1,
indirizzo errore 0x000d2bf0.

Error - 21/04/2010 8.26.39 | Computer Name = VALERIO | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore civ4beyondsword.exe, versione
3.0.0.91, modulo che ha provocato l'errore cvgamecoredll.dll, versione 1.0.0.1,
indirizzo errore 0x000d2bf0.

Error - 30/04/2010 17.08.50 | Computer Name = VALERIO | Source = Windows Live Messenger | ID = 1000
Description =

Error - 01/05/2010 9.24.55 | Computer Name = VALERIO | Source = Windows Live Messenger | ID = 1000
Description =

Error - 10/05/2010 4.07.52 | Computer Name = VALERIO | Source = Windows Live Messenger | ID = 1000
Description =

Error - 15/05/2010 13.53.17 | Computer Name = VALERIO | Source = Application Error | ID = 1000
Description = Applicazione che ha provocato l'errore javaw.exe, versione 6.0.200.2,
modulo che ha provocato l'errore java.dll, versione 6.0.200.2, indirizzo errore
0x00005875.

Error - 23/05/2010 19.44.04 | Computer Name = VALERIO | Source = Application Hang | ID = 1002
Description = Applicazione in stallo emule.exe, versione 0.50.0.4, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 25/05/2010 9.10.34 | Computer Name = VALERIO | Source = WmiAdapter | ID = 4099
Description = Impossibile aprire il servizio.

Error - 26/05/2010 12.40.40 | Computer Name = VALERIO | Source = MsiInstaller | ID = 11920
Description = Prodotto: ESET NOD32 Antivirus -- Errore 1920. Il servizio 'ESET Service'
(ekrn) non può essere avviato. Verificare di avere sufficienti privilegi per avviare
i servizi di sistema.

[ System Events ]
Error - 06/05/2010 8.24.19 | Computer Name = VALERIO | Source = Dhcp | ID = 1001
Description = Il server DHCP non ha assegnato un indirizzo di rete al computer per
la scheda di rete con indirizzo 001CDFD175B9. Si è verificato il seguente errore:
%%1223. Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi
di rete.

Error - 08/05/2010 9.17.46 | Computer Name = VALERIO | Source = Dhcp | ID = 1001
Description = Il server DHCP non ha assegnato un indirizzo di rete al computer per
la scheda di rete con indirizzo 001CDFD175B9. Si è verificato il seguente errore:
%%1223. Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi
di rete.

Error - 13/05/2010 9.25.12 | Computer Name = VALERIO | Source = Dhcp | ID = 1001
Description = Il server DHCP non ha assegnato un indirizzo di rete al computer per
la scheda di rete con indirizzo 001CDFD175B9. Si è verificato il seguente errore:
%%1223. Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi
di rete.

Error - 14/05/2010 4.09.10 | Computer Name = VALERIO | Source = Dhcp | ID = 1001
Description = Il server DHCP non ha assegnato un indirizzo di rete al computer per
la scheda di rete con indirizzo 001CDFD175B9. Si è verificato il seguente errore:
%%1223. Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi
di rete.

Error - 16/05/2010 6.51.09 | Computer Name = VALERIO | Source = BTHUSB | ID = 327697
Description = Errore non definito della radio Bluetooth locale. La radio verrà scaricata.

Error - 16/05/2010 18.11.04 | Computer Name = VALERIO | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.33 dell'indirizzo IP della scheda di rete con indirizzo
001CDFD175B9 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 17/05/2010 3.55.41 | Computer Name = VALERIO | Source = Dhcp | ID = 1002
Description = Il lease 192.168.1.33 dell'indirizzo IP della scheda di rete con indirizzo
001CDFD175B9 è stato negato dal server DHCP 192.168.1.1. Il server DHCP ha inviato
un messaggio DHCPNACK.

Error - 17/05/2010 3.56.01 | Computer Name = VALERIO | Source = BTHUSB | ID = 327697
Description = Errore non definito della radio Bluetooth locale. La radio verrà scaricata.

Error - 20/05/2010 10.25.52 | Computer Name = VALERIO | Source = Dhcp | ID = 1001
Description = Il server DHCP non ha assegnato un indirizzo di rete al computer per
la scheda di rete con indirizzo 001CDFD175B9. Si è verificato il seguente errore:
%%1223. Il computer tenterà di ottenere un indirizzo dal server DHCP degli indirizzi
di rete.

Error - 22/05/2010 7.38.34 | Computer Name = VALERIO | Source = DCOM | ID = 10010
Description = Il server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} non si è registrato
con DCOM entro il tempo d'attesa richiesto.


< End of report >

Edited by arthax83, 26 May 2010 - 02:01 PM.


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 26 May 2010 - 02:46 PM

Hi,

Please run a scan with GMER next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 arthax83

arthax83
  • Topic Starter

  • Members

Posted 01 June 2010 - 05:14 AM

Hi myrti, sorry for my slow answer, but in these days I tried to format the PC. The result has been: to install Windows again took me 5 hours!!! So I thought that it was a hard disk problem... I changed it... I made a good installation, I charged the backup files... and I see some problems again!!! My PC is not as slow as at first, but anyway it seems not to work appropriately... what is your opinion?

P.S.: I tried to run GMER before formatting my machine, but it gave me some system error...

Edited by arthax83, 01 June 2010 - 05:15 AM.


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 05 June 2010 - 03:08 PM

Hi,

If your PC is slow after a clean install and you did not infect yourself through your backups, I would very much suspect a hardware problem. Hence I would suggest that you post in the hardware forums here to get help from people that are more familiar with hardware issues.

regards myrti



#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin

Posted 27 June 2010 - 03:59 AM

Since this topic appears to be resolved, I will now close it.

If you need this topic re-opened please send me a PM.

Everyone else, please start a new topic.

With Regards,
myrti
