
Operating memory » explorer.exe(1016) - a variant of Win32/Gataka.A trojan - unable to clean


  • This topic is locked
3 replies to this topic

#1 Traianvs


Posted 08 March 2012 - 10:11 AM

DDS has not worked; it was freezing after 2 minutes. Below is the GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-08 16:02:12
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1200BEVT-60ZCT1 rev.13.01A13
Running: 3mw8udz0.exe; Driver: C:\DOCUME~1\PRINCI~1\IMPOST~1\Temp\ugpdyfow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0x990B64B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0x990B67F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0x990B6AB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0x990B65D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0x990B68B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0x990B6350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0x990B6410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0x990B6570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0x990B6630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0x990B6530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0x990B64F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0x990B6670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0x990B6870]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0x990B63B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0x990B6430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0x990B6830]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0x990B6370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0x990B6470]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0x990B65F0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2778 80501FB0 12 Bytes [B0, 63, 0B, 99, 30, 64, 0B, ...] {MOV AL, 0x63; OR EBX, [ECX-0x66f49bd0]; XOR [EAX+0xb], CH; CDQ }
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xA9831000, 0x19DB8C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00FD1880
.text C:\WINDOWS\system32\ctfmon.exe[304] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00FD1710
.text C:\WINDOWS\system32\ctfmon.exe[304] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00FD1B70
.text C:\WINDOWS\system32\ctfmon.exe[304] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00FD19F0
.text C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 017A1880
.text C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017A1710
.text C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe[332] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 017A1B70
.text C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe[332] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 017A19F0
.text C:\Programmi\Internet Explorer\iexplore.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01321880
.text C:\Programmi\Internet Explorer\iexplore.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01321710
.text C:\Programmi\Internet Explorer\iexplore.exe[348] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01321B70
.text C:\Programmi\Internet Explorer\iexplore.exe[348] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 013219F0
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 402B5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 40389AA5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!CallNextHookEx 7E3AB3C6 5 Bytes JMP 4037D119 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4038DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 402F4686 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 404853AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 404852E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4048534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 404851B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40485214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40485412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40485276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] ole32.dll!CoCreateInstance 774CF1BC 5 Bytes JMP 4038DB70 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] ole32.dll!OleLoadFromStream 774F983B 5 Bytes JMP 40485717 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[348] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 01AF97B0
.text C:\Programmi\Internet Explorer\iexplore.exe[348] WS2_32.dll!connect 71A34A07 5 Bytes JMP 01AF9520
.text C:\Programmi\Internet Explorer\iexplore.exe[348] WS2_32.dll!getpeername 71A40B68 5 Bytes JMP 01AF9740
.text C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe[716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EF1880
.text C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe[716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EF1710
.text C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe[716] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00EF1B70
.text C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe[716] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00EF19F0
.text C:\Programmi\OpenOffice.org 3\program\soffice.exe[804] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01611880
.text C:\Programmi\OpenOffice.org 3\program\soffice.exe[804] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01611710
.text C:\Programmi\OpenOffice.org 3\program\soffice.exe[804] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01611B70
.text C:\Programmi\OpenOffice.org 3\program\soffice.exe[804] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 016119F0
.text C:\Programmi\OpenOffice.org 3\program\soffice.bin[912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05891880
.text C:\Programmi\OpenOffice.org 3\program\soffice.bin[912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05891710
.text C:\Programmi\OpenOffice.org 3\program\soffice.bin[912] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 05891B70
.text C:\Programmi\OpenOffice.org 3\program\soffice.bin[912] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 058919F0
.text C:\WINDOWS\Explorer.EXE[1016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01F71880
.text C:\WINDOWS\Explorer.EXE[1016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01F71710
.text C:\WINDOWS\Explorer.EXE[1016] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01F71B70
.text C:\WINDOWS\Explorer.EXE[1016] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 01F719F0
.text C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01561880
.text C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01561710
.text C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01561B70
.text C:\Programmi\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 015619F0
.text C:\WINDOWS\system32\AccelerometerSt.Exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EA1880
.text C:\WINDOWS\system32\AccelerometerSt.Exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EA1710
.text C:\WINDOWS\system32\AccelerometerSt.Exe[1712] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00EA1B70
.text C:\WINDOWS\system32\AccelerometerSt.Exe[1712] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00EA19F0
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[1728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F91880
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[1728] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F91710
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[1728] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00F91B70
.text C:\Programmi\Analog Devices\Core\smax4pnp.exe[1728] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00F919F0
.text C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01571880
.text C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01571710
.text C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1744] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01571B70
.text C:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[1744] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 015719F0
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01141880
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01141710
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01141B70
.text C:\Programmi\Synaptics\SynTP\SynTPEnh.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 011419F0
.text C:\Programmi\LogMeIn\x86\LogMeInSystray.exe[1784] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01D11880
.text C:\Programmi\LogMeIn\x86\LogMeInSystray.exe[1784] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01D11710
.text C:\Programmi\LogMeIn\x86\LogMeInSystray.exe[1784] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01D11B70
.text C:\Programmi\LogMeIn\x86\LogMeInSystray.exe[1784] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 01D119F0
.text C:\Programmi\iTunes\iTunesHelper.exe[1816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02BF1880
.text C:\Programmi\iTunes\iTunesHelper.exe[1816] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02BF1710
.text C:\Programmi\iTunes\iTunesHelper.exe[1816] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 02BF1B70
.text C:\Programmi\iTunes\iTunesHelper.exe[1816] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 02BF19F0
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01761880
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01761710
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1868] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01761B70
.text C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe[1868] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 017619F0
.text C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe[1900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 012D1880
.text C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe[1900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 012D1710
.text C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe[1900] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 012D1B70
.text C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe[1900] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 012D19F0
.text C:\Programmi\Messenger\msmsgs.exe[1920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 014B1880
.text C:\Programmi\Messenger\msmsgs.exe[1920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 014B1710
.text C:\Programmi\Messenger\msmsgs.exe[1920] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 014B1B70
.text C:\Programmi\Messenger\msmsgs.exe[1920] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 014B19F0
.text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C51880
.text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C51710
.text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00C51B70
.text C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00C519F0
.text C:\Programmi\Skype\Phone\Skype.exe[1960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 05161880
.text C:\Programmi\Skype\Phone\Skype.exe[1960] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 05161710
.text C:\Programmi\Skype\Phone\Skype.exe[1960] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 05161B70
.text C:\Programmi\Skype\Phone\Skype.exe[1960] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 051619F0
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011C1880
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011C1710
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 011C1B70
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 011C19F0
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxParamW 7E3A47AB 5 Bytes JMP 402B5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!CreateWindowExW 7E3AD0A3 5 Bytes JMP 4038DB14 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxIndirectParamW 7E3B2072 5 Bytes JMP 404853AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxIndirectA 7E3BA082 5 Bytes JMP 404852E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxParamA 7E3BB144 5 Bytes JMP 4048534C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxExW 7E3D0838 5 Bytes JMP 404851B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxExA 7E3D085C 5 Bytes JMP 40485214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!DialogBoxIndirectParamA 7E3D6D7D 5 Bytes JMP 40485412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] USER32.dll!MessageBoxIndirectW 7E3E64D5 5 Bytes JMP 40485276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] WS2_32.dll!closesocket 71A33E2B 5 Bytes JMP 018E97B0
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] WS2_32.dll!connect 71A34A07 5 Bytes JMP 018E9520
.text C:\Programmi\Internet Explorer\iexplore.exe[2212] WS2_32.dll!getpeername 71A40B68 5 Bytes JMP 018E9740
.text C:\Programmi\ESET\ESET Smart Security\ekrn.exe[2592] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 034F1880
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 034F1710
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[4000] advapi32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 034F1B70
.text C:\Programmi\Skype\Plugin Manager\skypePM.exe[4000] advapi32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 034F19F0
.text C:\Programmi\Hewlett-Packard\Shared\hpqToaster.exe[5004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01651880
.text C:\Programmi\Hewlett-Packard\Shared\hpqToaster.exe[5004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01651710
.text C:\Programmi\Hewlett-Packard\Shared\hpqToaster.exe[5004] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 01651B70
.text C:\Programmi\Hewlett-Packard\Shared\hpqToaster.exe[5004] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 016519F0
.text C:\Documents and Settings\principale\Documenti\Downloads\3mw8udz0.exe[5068] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F31880
.text C:\Documents and Settings\principale\Documenti\Downloads\3mw8udz0.exe[5068] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F31710
.text C:\Documents and Settings\principale\Documenti\Downloads\3mw8udz0.exe[5068] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00F31B70
.text C:\Documents and Settings\principale\Documenti\Downloads\3mw8udz0.exe[5068] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00F319F0
.text C:\WINDOWS\system32\taskmgr.exe[6060] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D91880
.text C:\WINDOWS\system32\taskmgr.exe[6060] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D91710
.text C:\WINDOWS\system32\taskmgr.exe[6060] ADVAPI32.dll!CreateProcessAsUserW 77F5A8A9 5 Bytes JMP 00D91B70
.text C:\WINDOWS\system32\taskmgr.exe[6060] ADVAPI32.dll!CreateProcessAsUserA 77F80CE8 5 Bytes JMP 00D919F0

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.15 ----



Here are the OTL logs:


Extras.txt




OTL Extras logfile created on: 09/03/2012 8.41.59 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\principale\Documenti\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 70,36% Memory free
4,59 Gb Paging File | 3,79 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 111,78 Gb Total Space | 83,22 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
Drive E: | 1,84 Gb Total Space | 1,14 Gb Free Space | 61,79% Space Free | Partition Type: FAT

Computer Name: USER-E9ABD3A1D7 | User Name: principale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programmi\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1202660629-1644491937-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programmi\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programmi\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programmi\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programmi\Google\Google Earth\client\googleearth.exe" = C:\Programmi\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programmi\Opera\opera.exe" = C:\Programmi\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programmi\uTorrent\uTorrent.exe" = C:\Programmi\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\Iminent\IMBooster\IMBooster.exe" = C:\Programmi\Iminent\IMBooster\IMBooster.exe:*:Enabled:IMBooster -- (Iminent)
"C:\Programmi\Iminent\MMServer\Iminent.MMServer.exe" = C:\Programmi\Iminent\MMServer\Iminent.MMServer.exe:*:Enabled:MMServer -- (Iminent)
"C:\Documents and Settings\principale\Desktop\utorrent-3.0.25583.exe" = C:\Documents and Settings\principale\Desktop\utorrent-3.0.25583.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programmi\File comuni\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01378950-F60D-5CCD-A756-741F11AC28A3}" = Catalyst Control Center Localization Thai
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{112A080C-7FEE-DF04-0A98-5A46952F4988}" = CCC Help English
"{1479472D-3FF7-450C-BC31-FC4F40405FFD}" = ESET Smart Security
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{18058624-242D-BBD2-A7E7-05DC0FCE99E8}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C77BC2B-8F8B-C6EF-3906-09FAF21A7700}" = Catalyst Control Center Localization Russian
"{1EA82200-BD9C-3312-4FB2-F975D23FBA76}" = ccc-utility
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{276E1803-51FF-C2B4-1AA9-8FB1BA1018A8}" = Catalyst Control Center Localization Czech
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{339DEED7-B03A-79A6-746A-FD434E4E2D70}" = Catalyst Control Center Localization Swedish
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{350C9410-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E42EEB-84E3-66AB-8A5E-BCB0FAB9426B}" = Catalyst Control Center Localization Dutch
"{37964A88-DAA1-488B-AE88-A5B6DDC6E9A6}" = Sony Ericsson Wireless Manager 5
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3A8C38B6-54E4-0DD0-B0FB-574831671127}" = Catalyst Control Center Graphics Light
"{426C3B1B-61D2-AF3F-1BE8-79937C075AFF}" = CCC Help Polish
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{448F39D3-5CF5-2F5C-A135-8C51C94C6B37}" = CCC Help Norwegian
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A276AF9-46BC-3896-EC3A-2F7BB470CAF7}" = CCC Help Finnish
"{4A352AF2-336D-45B6-CD3E-8B6E86879BB2}" = CCC Help Italian
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{53F9B21C-34C1-F83E-468E-09EA9A194527}" = Catalyst Control Center Localization Norwegian
"{55CA4086-0D2C-30E3-A7B5-C76BA737CECE}" = Microsoft .NET Framework 3.5 Language Pack SP1 - ita
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C07BDD0-F57C-852E-46DF-3196B699DE5A}" = CCC Help Chinese Standard
"{5D112C61-C8D0-4718-8DD7-B9115EB9AF90}" = LogMeIn
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{66944E9D-C37E-C8F4-0A5E-3204C6D75D86}" = Catalyst Control Center Localization German
"{6911CEE7-4D8B-9D8E-CAFF-4DEB6906AD5E}" = Catalyst Control Center Localization Hungarian
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D06E9C7-CF20-28A0-3D54-272EE2737867}" = CCC Help Turkish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73156E77-9AD7-A683-82CF-742A39E91D37}" = Skins
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7981D8E3-ACD0-3C16-2D79-0ACE5BEE523D}" = CCC Help Portuguese
"{7B3CBEAC-3EF5-F318-D79C-5ADC12D6F362}" = Catalyst Control Center Graphics Full New
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{822049E9-CFE9-9BF6-508F-59267B5F59D8}" = ccc-core-preinstall
"{831E39CD-3968-4E70-3DEE-F66CFE59AA7A}" = CCC Help Danish
"{842F9881-E181-30B3-A152-008D61433274}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ITA
"{8481CF72-E3C3-8E58-77F1-771F996E722A}" = Catalyst Control Center Localization Polish
"{85F0337D-33AC-43B4-A003-DF35061F1D8D}" = OpenOffice.org 3.0
"{86BA3130-5938-3192-BBCF-6B0A2D86FA58}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - ITA
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8BF17C99-355A-CD4F-B434-AF8884816C56}" = CCC Help Hungarian
"{8D6CDC85-F545-DF9A-AFB4-1396F7D75301}" = CCC Help Swedish
"{8EBE68FC-E9F8-BBC7-52CC-BAAF145D1E31}" = Catalyst Control Center Localization Greek
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F6E6502-0F6E-ADE3-FB36-C97220308ABF}" = Catalyst Control Center Localization Spanish
"{915CECD9-6DF0-4107-72DA-FF86957F4187}" = Catalyst Control Center Core Implementation
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9616E67E-B9D4-9069-AE1C-8BF09C69BE5F}" = CCC Help Russian
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A154D6D-13D6-4CA1-BB3A-E792C18DACBF}" = SCR3xxx Smart Card Reader
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9E0136C7-1D9F-E793-1AD9-BE99B5E0A69B}" = Catalyst Control Center Localization Turkish
"{A0A76C15-3BF4-0F9D-93A5-4C287AD75EBE}" = Catalyst Control Center Localization Finnish
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6DC0E7-B8A1-6CDA-7369-86ED00E93739}" = Catalyst Control Center Localization Italian
"{AC76BA86-7AD7-1040-7B44-A94000000001}" = Adobe Reader 9.4.6 - Italiano
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AF2D5B54-36DE-471E-B9C8-58E4B2B951C6}" = Iminent
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{B9DFF68B-831A-FD06-2099-4A7041FCB55F}" = Catalyst Control Center Localization Chinese Standard
"{BAE5E379-AC64-0D09-6295-EA45B4A26069}" = CCC Help Korean
"{BE263A6B-A71B-642E-9CD3-711D7283DA23}" = Catalyst Control Center Localization Portuguese
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C349C10C-1474-4000-9073-9299856C8A70}" = Catalyst Control Center - Branding
"{CD68E5C1-39DD-9D43-C789-548671A2944C}" = CCC Help Chinese Traditional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2ED54C-B246-CB92-0D6E-3A1EF72AF65A}" = Catalyst Control Center Localization French
"{CFBD250D-6D35-A09A-A38E-7D8A30742160}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3E93FE6-59AC-5583-FA56-CAE69465FC58}" = Catalyst Control Center Localization Danish
"{DA859954-14AC-A262-69F8-9CB4B3AD16B5}" = CCC Help German
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E4899684-465D-0D18-0523-0B4BAB9196A2}" = CCC Help Spanish
"{E4EF3303-7E22-44E5-82EB-48589B06A549}" = HP 3D DriveGuard
"{E51EB395-646F-ABE0-1BD5-0C3DB568D1BC}" = CCC Help Japanese
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{E89DE689-A678-CE28-8B4E-D8086F80B6CE}" = CCC Help Greek
"{EB4528AD-E9CA-831E-3A94-C66B794B5E1A}" = CCC Help Thai
"{EEC248D2-C838-2503-0C03-05BDFF920ADA}" = Catalyst Control Center Localization Japanese
"{EF4E0DA6-02E0-47BF-9BB6-DC0E83CC6F4C}" = Sony Ericsson MD300 Wireless Modem
"{F0803639-33A5-8772-AB08-67676B6B330B}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F4105AFC-B69D-575F-44E6-CAB6E86DA0AA}" = CCC Help Dutch
"{F6FAEA51-3ED4-4BAB-E815-F015476D7FA6}" = Catalyst Control Center Localization Korean
"{FACC20DD-DD0B-B913-9A8F-3FCBC16B4EFF}" = CCC Help Czech
"{FC976AA0-B59F-3FF6-BCC7-0EB40E806FC9}" = Catalyst Control Center Localization Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Scheda LAN wireless Broadcom 802.11
"Danea Easyfatt 2009" = Danea Easyfatt 2009 (dimostrativo)
"EPSON Scanner" = EPSON Scan
"EPSON Stylus S20 Series" = Disinstalla EPSON Stylus S20 Series Printer
"EPSON Stylus S20_T10_T20 Guida utente" = EPSON Stylus S20_T10_T20 Manuale
"EPSON Stylus SX100_TX100 Guida utente" = EPSON Stylus SX100_TX100 Manuale
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"IMBoosterARP" = Iminent
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versione 1.60.1.1000
"Marvell Miniport Driver" = Marvell Miniport Driver
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - ita" = Microsoft .NET Framework 3.5 - Language Pack SP1 (italiano)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete
"PokerStars.it" = PokerStars.it
"Registry Mechanic_is1" = Registry Mechanic 10.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"System Tweaker_is1" = Uniblue System Tweaker
"TomTom HOME" = TomTom HOME 2.8.2.2264
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/03/2012 3.17.37 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 07/03/2012 11.17.26 | Computer Name = USER-E9ABD3A1D7 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo iexplore.exe, versione 8.0.6001.18702, modulo
in stallo hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

Error - 07/03/2012 11.17.39 | Computer Name = USER-E9ABD3A1D7 | Source = Application Hang | ID = 1001
Description = Bucket 1180947459 errato.

Error - 08/03/2012 3.46.20 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 08/03/2012 8.36.31 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 08/03/2012 9.12.22 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 08/03/2012 9.16.32 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 09/03/2012 3.21.36 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 09/03/2012 3.21.43 | Computer Name = USER-E9ABD3A1D7 | Source = PerfNet | ID = 2004
Description = Impossibile aprire il servizio Server. I dati sulle prestazioni del
servizio Server non verranno restituiti. Il codice di errore restituito si trova
nella DWORD 0 dei dati.

Error - 09/03/2012 3.41.14 | Computer Name = USER-E9ABD3A1D7 | Source = Application Hang | ID = 1002
Description = Applicazione in stallo OTL.exe, versione 3.2.35.1, modulo in stallo
hungapp, versione 0.0.0.0, indirizzo stallo 0x00000000.

[ System Events ]
Error - 06/03/2012 5.28.43 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/03/2012 5.29.56 | Computer Name = USER-E9ABD3A1D7 | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: AmdPPM
ehdrv
Fips

Error - 06/03/2012 5.45.29 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/03/2012 5.45.33 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/03/2012 5.50.54 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/03/2012 5.52.08 | Computer Name = USER-E9ABD3A1D7 | Source = Service Control Manager | ID = 7026
Description = All'avvio non è stato possibile caricare i seguenti driver: AmdPPM
ehdrv
Fips

Error - 06/03/2012 5.59.13 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio StiSvc con gli argomenti "" per eseguire il server {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 06/03/2012 5.59.49 | Computer Name = USER-E9ABD3A1D7 | Source = DCOM | ID = 10005
Description = DCOM ha ricevuto l'errore "%1084" durante il tentativo di avviare
il servizio EventSystem con gli argomenti "" per eseguire il server {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/03/2012 6.03.42 | Computer Name = USER-E9ABD3A1D7 | Source = sr | ID = 1
Description = Errore imprevisto '0xC0000001' durante l'elaborazione del file ''
sul volume 'HarddiskVolume1'. Il monitoraggio del volume è stato interrotto.

Error - 06/03/2012 9.00.27 | Computer Name = USER-E9ABD3A1D7 | Source = Service Control Manager | ID = 7034
Description = Interruzione imprevista del servizio Ati HotKey Poller. Questo evento
si è già verificato 1 volta(e).


< End of report >



OTL.txt





OTL logfile created on: 09/03/2012 8.41.59 - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Documents and Settings\principale\Documenti\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy

2,75 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 70,36% Memory free
4,59 Gb Paging File | 3,79 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi
Drive C: | 111,78 Gb Total Space | 83,22 Gb Free Space | 74,45% Space Free | Partition Type: NTFS
Drive E: | 1,84 Gb Total Space | 1,14 Gb Free Space | 61,79% Space Free | Partition Type: FAT

Computer Name: USER-E9ABD3A1D7 | User Name: principale | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\principale\Documenti\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programmi\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programmi\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Programmi\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Programmi\Iminent\IMBooster\IMBooster.exe (Iminent)
PRC - C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Programmi\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programmi\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programmi\LSI SoftModem\agrsmsvc.exe (Agere Systems)
PRC - C:\Programmi\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Modules (No Company Name) ==========

MOD - C:\Programmi\Google\Chrome\Application\17.0.963.66\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programmi\Google\Chrome\Application\17.0.963.66\pdf.dll ()
MOD - C:\Programmi\Google\Chrome\Application\17.0.963.66\avutil-51.dll ()
MOD - C:\Programmi\Google\Chrome\Application\17.0.963.66\avformat-53.dll ()
MOD - C:\Programmi\Google\Chrome\Application\17.0.963.66\avcodec-53.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\Programmi\File comuni\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programmi\File comuni\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Programmi\Iminent\IMBooster\it\Iminent.Booster.UI.resources.dll ()
MOD - C:\Programmi\Iminent\IMBooster\Iminent.Windows.dll ()
MOD - C:\Programmi\Iminent\IMBooster\Iminent.Workflow.dll ()
MOD - C:\Programmi\Iminent\IMBooster\Iminent.Services.dll ()
MOD - C:\Programmi\Iminent\IMBooster\Iminent.Business.TinyUrl.dll ()
MOD - C:\Programmi\Iminent\IMBooster\Iminent.Booster.UI.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_it_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_it_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3175.37418__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3175.37382__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3175.37429__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3175.37593__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3175.37554__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3175.37411__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3175.37510__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3175.37399__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3175.37632__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3175.37563__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3175.37638__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3175.37424__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3175.37568__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3175.37394__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3175.37562__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3175.37423__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3175.37515__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3175.37439__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3175.37401__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3175.37580__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3175.37434__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3175.37533__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3175.37514__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3175.37443__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3175.37531__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3175.37546__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3175.37512__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3175.37444__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3175.37511__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3175.37513__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3175.37545__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3175.37366__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3175.37358__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3175.37367__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3175.37628__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3175.37381__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3175.37368__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3175.37357__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3175.37362__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3175.37561__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3175.37630__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3175.37619__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3175.37361__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3175.37360__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3175.37422__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3175.37355__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3175.37410__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3175.37393__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3175.37358__90ba9c70f846762e\NEWAEM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3175.37360__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3175.37378__90ba9c70f846762e\DEM.OS.I0602.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3175.37380__90ba9c70f846762e\DEM.Graphics.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3175.37363__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3175.37365__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3175.37379__90ba9c70f846762e\DEM.OS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3175.37593__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3175.37513__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3175.37511__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3175.37416__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3175.37553__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3175.37397__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3175.37398__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3175.37398__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3175.37415__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3175.37531__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3175.37380__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3175.37359__90ba9c70f846762e\APM.Foundation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3175.37369__90ba9c70f846762e\AEM.Server.Shared.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory.resources\2.0.3175.37374_it_90ba9c70f846762e\CLI.Component.SkinFactory.resources.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3175.37620__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3175.37615__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3175.37655__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3175.37364__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3175.37362__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3175.37668__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3175.37369__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3175.37373__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3175.37389__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3175.37406__90ba9c70f846762e\CLI.Component.Wizard.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3175.37374__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3175.37372__90ba9c70f846762e\CLI.Component.Runtime.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3175.37367__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3175.37365__90ba9c70f846762e\CLI.Foundation.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3175.37386__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3175.37405__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3175.37386__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3175.37423__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3175.37378__90ba9c70f846762e\ATIDEMOS.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3175.37371__90ba9c70f846762e\APM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3175.37370__90ba9c70f846762e\AEM.Server.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3175.37618__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Programmi\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Programmi\File comuni\LightScribe\QtGui4.dll ()
MOD - C:\Programmi\File comuni\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programmi\File comuni\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Programmi\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Apple Mobile Device) -- C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ekrn) -- C:\Programmi\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (TomTomHOMEService) -- C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programmi\File comuni\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (LMIMaint) -- C:\Programmi\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Programmi\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (LogMeIn) -- C:\Programmi\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (McComponentHostService) -- C:\Programmi\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (AgereModemAudio) -- C:\Programmi\LSI SoftModem\agrsmsvc.exe (Agere Systems)
SRV - (pdfcDispatcher) -- C:\Programmi\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (LightScribeService) -- C:\Programmi\File comuni\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (IviRegMgr) -- C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Programmi\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (KMWDFILTER) -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (Amddfltr) -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys (Advanced Micro Devices)
DRV - (SEMCReserved) -- C:\WINDOWS\system32\drivers\semcreserved.sys ()
DRV - (sembwwan) Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM) -- C:\WINDOWS\system32\drivers\sembwwan.sys (MCCI Corporation)
DRV - (sembunic) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM) -- C:\WINDOWS\system32\drivers\sembunic.sys (MCCI Corporation)
DRV - (sembnd5) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS) -- C:\WINDOWS\system32\drivers\sembnd5.sys (MCCI Corporation)
DRV - (sembmgmt) Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\sembmgmt.sys (MCCI Corporation)
DRV - (sembmdm2) -- C:\WINDOWS\system32\drivers\sembmdm2.sys (MCCI Corporation)
DRV - (sembmdfl2) -- C:\WINDOWS\system32\drivers\sembmdfl2.sys (MCCI Corporation)
DRV - (sembcard) Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM) -- C:\WINDOWS\system32\drivers\sembcard.sys (MCCI Corporation)
DRV - (sembbus) SEMC WMC Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sembbus.sys (MCCI Corporation)
DRV - (Sony_EricssonWWSC) -- C:\WINDOWS\system32\drivers\sesc.sys (Sony Ericsson)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.iminent.com/?appId=746418bb-c03d-4a9c-a284-5d2a1d7c6b66&ref=homepage
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\SearchScopes,DefaultScope = {9BED96B8-2047-4972-A3C5-93D0D42FA629}
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\SearchScopes\{9BED96B8-2047-4972-A3C5-93D0D42FA629}: "URL" = http://www.google.it/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADBF_itIT330
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7.1
FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programmi\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programmi\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programmi\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programmi\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/26 12.05.20 | 000,000,000 | ---D | M]

[2011/08/27 17.33.12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\principale\Dati applicazioni\Mozilla\Extensions
[2011/08/27 17.33.12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\principale\Dati applicazioni\Mozilla\Extensions\home2@tomtom.com
[2011/08/27 17.35.45 | 000,000,000 | ---D | M] (Map status indicator) -- C:\PROGRAMMI\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programmi\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programmi\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programmi\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programmi\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U21 (Enabled) = C:\Programmi\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programmi\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programmi\Windows Media Player\npdsplay.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Programmi\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Programmi\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Programmi\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Documents and Settings\principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Documents and Settings\principale\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2007/10/29 13.00.00 | 000,000,768 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programmi\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Programmi\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programmi\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programmi\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programmi\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Programmi\File comuni\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Programmi\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [egui] C:\Programmi\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IMBooster] C:\Programmi\Iminent\IMBooster\imbooster.exe (Iminent)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Programmi\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Programmi\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programmi\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [] File not found
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [EPSON Stylus S20 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEAE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [EPSON SX100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [LightScribe Control Panel] C:\Programmi\File comuni\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [TomTomHOME.exe] C:\Programmi\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003..\Run: [UpgradeHelper] C:\Documents and Settings\principale\Dati applicazioni\Mozilla\{9AE46B78-EAB5-44A5-BCF8-14AC562EE26E}\UpgradeHelper.exe (WestByte)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\DVD Check.lnk = C:\Programmi\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\McAfee Security Scan Plus.lnk = C:\Programmi\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\principale\Menu Avvio\Programmi\Esecuzione automatica\OpenOffice.org 3.0.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1644491937-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programmi\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243507846187 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://hotelatlantestar-rome.remotemanager.co.uk/common/activex/MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{119CDDDD-C137-45D5-84FF-0BA6D5E695B6}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{49DB2903-91D8-4375-AF30-28FFB678368A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programmi\File comuni\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\principale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\principale\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/27 17.25.19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/06 17.33.39 | 000,000,000 | ---D | C] -- C:\Programmi\Trend Micro
[2012/03/06 17.33.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Menu Avvio\Programmi\HiJackThis
[2012/03/06 15.37.34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/06 14.22.07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/06 14.17.57 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/03/06 13.15.59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/06 13.03.20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/06 13.03.20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/06 13.03.20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/06 13.03.20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/06 13.03.12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/06 13.03.05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/06 13.02.59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\principale\Menu Avvio\Programmi\Strumenti di amministrazione
[2012/03/06 12.40.51 | 004,427,148 | R--- | C] (Swearware) -- C:\Documents and Settings\principale\Desktop\ComboFix.exe
[2012/03/06 12.21.11 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\principale\Desktop\unhide.exe
[2012/03/06 12.19.27 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\principale\Desktop\OTL.exe
[2012/03/06 10.54.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Dati applicazioni\Malwarebytes
[2012/03/06 10.46.42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\Malwarebytes' Anti-Malware
[2012/03/06 10.46.39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
[2012/03/06 10.46.35 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/06 10.46.35 | 000,000,000 | ---D | C] -- C:\Programmi\Malwarebytes' Anti-Malware
[2012/03/06 10.32.32 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\Wise Installation Wizard
[2012/03/06 10.32.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Dati applicazioni\SpeedyPC Software
[2012/03/06 10.32.31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Dati applicazioni\DriverCure
[2012/03/06 10.32.24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Menu Avvio\Programmi\SpeedyPC Software
[2012/03/06 10.32.21 | 000,000,000 | ---D | C] -- C:\Programmi\File comuni\SpeedyPC Software
[2012/03/06 10.32.19 | 000,000,000 | ---D | C] -- C:\Programmi\SpeedyPC Software
[2012/03/06 10.32.19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dati applicazioni\SpeedyPC Software
[2012/03/05 10.49.52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Dati applicazioni\Help
[2012/03/05 10.45.43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\principale\Dati applicazioni\TeamViewer
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/09 08.29.01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RMSmartUpdate.job
[2012/03/09 08.22.16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/09 08.21.37 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 08.21.16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/09 08.21.10 | 2949,500,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/08 19.01.15 | 000,000,256 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job
[2012/03/08 18.55.24 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 13.56.26 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/03/08 09.06.32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\principale\defogger_reenable
[2012/03/07 16.18.35 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\principale\Desktop\0090344-1463.zip
[2012/03/06 17.33.39 | 000,001,988 | ---- | M] () -- C:\Documents and Settings\principale\Desktop\HiJackThis.lnk
[2012/03/06 13.16.04 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/06 12.41.16 | 004,427,148 | R--- | M] (Swearware) -- C:\Documents and Settings\principale\Desktop\ComboFix.exe
[2012/03/06 12.21.11 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\principale\Desktop\unhide.exe
[2012/03/06 12.19.30 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\principale\Desktop\OTL.exe
[2012/03/06 11.03.44 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/03/06 11.03.44 | 000,000,390 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/03/06 10.32.46 | 000,000,410 | ---- | M] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/03/06 10.32.24 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\principale\Desktop\SpeedyPC Pro.lnk
[2012/03/02 16.22.01 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/02 11.35.59 | 000,015,986 | ---- | M] () -- C:\Documents and Settings\principale\Documenti\SOCIETA.ods
[2012/03/02 11.35.53 | 000,010,200 | ---- | M] () -- C:\Documents and Settings\principale\Documenti\DIETRO.ods
[2012/02/17 08.41.09 | 000,123,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/16 19.39.50 | 000,479,866 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat
[2012/02/16 19.39.50 | 000,433,138 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/16 19.39.50 | 000,080,160 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat
[2012/02/16 19.39.50 | 000,068,094 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/16 19.35.15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/14 15.07.52 | 000,114,321 | ---- | M] () -- C:\Documents and Settings\principale\Desktop\NGGS_voucher_ROBERTO_MUSSAPI.pdf
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/08 09.06.32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\principale\defogger_reenable
[2012/03/07 16.18.26 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\principale\Desktop\0090344-1463.zip
[2012/03/06 17.33.39 | 000,001,988 | ---- | C] () -- C:\Documents and Settings\principale\Desktop\HiJackThis.lnk
[2012/03/06 13.16.04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/06 13.16.01 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012/03/06 13.03.20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/06 13.03.20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/06 13.03.20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/06 13.03.20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/06 13.03.20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/06 11.03.34 | 2949,500,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/06 10.32.46 | 000,000,410 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Registration3.job
[2012/03/06 10.32.24 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\principale\Desktop\SpeedyPC Pro.lnk
[2012/03/06 10.32.24 | 000,000,430 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Update Version3.job
[2012/03/06 10.32.23 | 000,000,390 | ---- | C] () -- C:\WINDOWS\tasks\SpeedyPC Pro.job
[2012/02/16 08.38.13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 08.38.13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/02/14 15.07.52 | 000,114,321 | ---- | C] () -- C:\Documents and Settings\principale\Desktop\NGGS_voucher_ROBERTO_MUSSAPI.pdf
[2011/09/13 16.29.43 | 000,037,336 | ---- | C] () -- C:\WINDOWS\System32\CleanMFT32.exe

========== LOP Check ==========

[2010/01/28 11.06.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\EPSON
[2012/01/26 12.05.14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ESET
[2011/09/13 16.27.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Iminent
[2010/11/18 14.21.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\LogMeIn
[2012/03/07 09.28.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PDFC
[2012/03/06 10.32.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\SpeedyPC Software
[2012/03/09 08.29.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TEMP
[2011/08/27 17.33.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\TomTom
[2010/01/28 11.12.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\UDL
[2009/06/24 15.41.00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\WinZip
[2011/12/30 19.06.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/21 15.06.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\Danea
[2012/03/06 10.32.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\DriverCure
[2010/01/28 15.02.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\EPSON
[2011/09/26 17.17.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\ESET
[2009/06/06 12.30.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\InterVideo
[2009/05/28 14.19.02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\OpenOffice.org
[2011/02/02 18.57.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\Opera
[2011/09/13 16.50.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\Registry Mechanic
[2012/03/06 10.32.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\SpeedyPC Software
[2009/11/07 15.27.55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\System Tweaker
[2012/03/05 10.45.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\TeamViewer
[2011/08/27 17.33.07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\TomTom
[2011/09/13 16.25.33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\Toolbar4
[2009/11/07 15.18.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\Uniblue
[2012/03/06 10.59.47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\principale\Dati applicazioni\uTorrent
[2012/03/08 19.01.15 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job
[2012/03/09 08.29.01 | 000,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RMSmartUpdate.job
[2012/03/06 11.03.44 | 000,000,390 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Pro.job
[2012/03/06 10.32.46 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Registration3.job
[2012/03/06 11.03.44 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 174 bytes -> C:\Documents and Settings\All Users\Dati applicazioni\TEMP:D1B5B4F1

< End of report >



Thanks

Edited by Traianvs, 09 March 2012 - 02:58 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:45 PM

Posted 12 March 2012 - 11:38 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr


Posted 16 March 2012 - 01:54 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • Do you still need help with this?
  • Do you need more time?
  • Are you having problems following my instructions?
  • If after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 gringo_pr


Posted 19 March 2012 - 09:53 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.



