okay...so here are the logs:
TDSSKILLER:
19:12:12:785 2760 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
19:12:12:785 2760 ================================================================================
19:12:12:785 2760 SystemInfo:
19:12:12:785 2760 OS Version: 6.0.6002 ServicePack: 2.0
19:12:12:785 2760 Product type: Workstation
19:12:12:785 2760 ComputerName: LUCA-PC
19:12:12:800 2760 UserName: Luca
19:12:12:800 2760 Windows directory: C:\Windows
19:12:12:800 2760 Processor architecture: Intel x86
19:12:12:800 2760 Number of processors: 2
19:12:12:800 2760 Page size: 0x1000
19:12:12:800 2760 Boot type: Normal boot
19:12:12:800 2760 ================================================================================
19:12:12:816 2760 UnloadDriverW: NtUnloadDriver error 2
19:12:12:816 2760 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
19:12:12:972 2760 Initialize success
19:12:12:972 2760
19:12:12:972 2760 Scanning Services ...
19:12:12:972 2760 wfopen_ex: Trying to open file C:\Windows\system32\config\system
19:12:13:050 2760 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:12:13:050 2760 wfopen_ex: Trying to KLMD file open
19:12:13:050 2760 wfopen_ex: File opened ok (Flags 2)
19:12:13:066 2760 wfopen_ex: Trying to open file C:\Windows\system32\config\software
19:12:13:066 2760 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:12:13:066 2760 wfopen_ex: Trying to KLMD file open
19:12:13:066 2760 wfopen_ex: File opened ok (Flags 2)
19:12:13:877 2760 GetAdvancedServicesInfo: Raw services enum returned 486 services
19:12:13:877 2760 fclose_ex: Trying to close file C:\Windows\system32\config\system
19:12:13:877 2760 fclose_ex: Trying to close file C:\Windows\system32\config\software
19:12:13:877 2760
19:12:13:908 2760 Scanning Kernel memory ...
19:12:13:908 2760 Devices to scan: 1
19:12:13:908 2760
19:12:13:908 2760 Driver Name: atapi
19:12:13:908 2760 IRP_MJ_CREATE : 8602A81A
19:12:13:908 2760 IRP_MJ_CREATE_NAMED_PIPE : 8602A81A
19:12:13:908 2760 IRP_MJ_CLOSE : 8602A81A
19:12:13:908 2760 IRP_MJ_READ : 8602A81A
19:12:13:908 2760 IRP_MJ_WRITE : 8602A81A
19:12:13:908 2760 IRP_MJ_QUERY_INFORMATION : 8602A81A
19:12:13:908 2760 IRP_MJ_SET_INFORMATION : 8602A81A
19:12:13:908 2760 IRP_MJ_QUERY_EA : 8602A81A
19:12:13:908 2760 IRP_MJ_SET_EA : 8602A81A
19:12:13:908 2760 IRP_MJ_FLUSH_BUFFERS : 8602A81A
19:12:13:908 2760 IRP_MJ_QUERY_VOLUME_INFORMATION : 8602A81A
19:12:13:908 2760 IRP_MJ_SET_VOLUME_INFORMATION : 8602A81A
19:12:13:908 2760 IRP_MJ_DIRECTORY_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_FILE_SYSTEM_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_DEVICE_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_INTERNAL_DEVICE_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_SHUTDOWN : 8602A81A
19:12:13:908 2760 IRP_MJ_LOCK_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_CLEANUP : 8602A81A
19:12:13:908 2760 IRP_MJ_CREATE_MAILSLOT : 8602A81A
19:12:13:908 2760 IRP_MJ_QUERY_SECURITY : 8602A81A
19:12:13:908 2760 IRP_MJ_SET_SECURITY : 8602A81A
19:12:13:908 2760 IRP_MJ_POWER : 8602A81A
19:12:13:908 2760 IRP_MJ_SYSTEM_CONTROL : 8602A81A
19:12:13:908 2760 IRP_MJ_DEVICE_CHANGE : 8602A81A
19:12:13:908 2760 IRP_MJ_QUERY_QUOTA : 8602A81A
19:12:13:908 2760 IRP_MJ_SET_QUOTA : 8602A81A
19:12:13:908 2760 ihd: 4, FFDF0308, 333, 121, 3, 109, 1
19:12:13:908 2760 Driver "atapi" Irp handler infected by TDSS rootkit ... 19:12:13:908 2760 cured
19:12:13:908 2760 siohd: 1
19:12:13:908 2760 Driver "atapi" StartIo handler infected by TDSS rootkit ... 19:12:13:908 2760 cured
19:12:13:939 2760 C:\Windows\system32\drivers\atapi.sys - Verdict: Infected
19:12:13:939 2760 File C:\Windows\system32\drivers\atapi.sys infected by TDSS rootkit ... 19:12:13:939 2760 Processing driver file: C:\Windows\system32\drivers\atapi.sys
19:12:16:076 2760 vfvi6
19:12:16:264 2760 dsvbh1
19:12:18:245 2760 fdfb1
19:12:18:245 2760 Backup copy found, using it..
19:12:18:354 2760 will be cured on next reboot
19:12:18:370 2760 Reboot required for cure complete..
19:12:18:385 2760 Cure on reboot scheduled successfully
19:12:18:385 2760
19:12:18:385 2760 Completed
19:12:18:385 2760
19:12:18:385 2760 Results:
19:12:18:385 2760 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
19:12:18:385 2760 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:12:18:385 2760 File objects infected / cured / cured on reboot: 1 / 0 / 1
19:12:18:385 2760
19:12:18:385 2760 UnloadDriverW: NtUnloadDriver error 1
19:12:18:385 2760 KLMD_Unload: UnloadDriverW(klmd21) error 1
19:12:18:385 2760 KLMD(ARK) unloaded successfully
OTL:
OTL logfile created on: 04/03/2010 19:37:06 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\Luca\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: Marea Britanie | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.15 Gb Total Space | 80.62 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive D: | 7.74 Gb Total Space | 1.53 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LUCA-PC
Current User Name: Luca
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\Luca\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\SMINST\BLService.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe (Stardock Corporation)
PRC - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe ()
PRC - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Luca\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (mi-raysat_3dsmax2010_32) -- C:\Program Files\Autodesk\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe ()
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_fa807195\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WindowBlinds) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\vistasrv.exe (Stardock Corporation)
SRV - (mi-raysat_3dsMax2009_32) -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe ()
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ISPwdSvc) -- C:\Program Files\Norton Internet Security\isPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (SymAppCore) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe (Symantec Corporation)
========== Driver Services (SafeList) ==========
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100304.005\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100304.005\NAVENG.SYS (Symantec Corporation)
DRV - (IDSvix86) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20100128.002\IDSvix86.sys (Symantec Corporation)
DRV - (nmwcdnsu) -- C:\Windows\System32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\Windows\System32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\Drivers\SYMNDISV.SYS (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\Windows\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (SRTSPL) -- C:\Windows\System32\drivers\srtspl.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\srtspx.sys (Symantec Corporation)
DRV - (audiobridge) -- C:\Windows\System32\drivers\aubridge.sys (SoundGenetics)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Firefox\Extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Video Downloader\Plugin_FireFox [2009/08/24 18:53:05 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2009/09/04 10:31:23 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll (Symantec Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Tweak UI] C:\Windows\System32\tweakui.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsup ... gctlcm.cab (Symantec Configuration Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Windows\system32\yahooui.exe) - C:\Windows\System32\yahooui.exe File not found
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop WallPaper: C:\Users\Luca\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapet Galerie foto Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Luca\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapet Galerie foto Windows.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/21 03:46:39 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 30 Days ==========
[2010/03/04 19:35:16 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Users\Luca\Desktop\OTL.exe
[2010/03/04 19:29:47 | 000,000,000 | ---D | C] -- C:\Users\Luca\Desktop\backups
[2010/03/04 19:26:50 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Users\Luca\Desktop\HijackThis.exe
[2010/03/04 19:11:31 | 000,177,928 | ---- | C] (Kaspersky Lab) -- C:\Users\Luca\Desktop\TDSSKiller.exe
[2010/03/01 21:39:22 | 000,000,000 | ---D | C] -- C:\Users\Luca\Desktop\Folder nou
[2010/02/28 10:24:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/13 22:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Youtube Downloader HD
[2010/02/13 21:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/02/13 21:43:05 | 000,000,000 | ---D | C] -- C:\Program Files\OpenSource Flash Video Splitter
[2010/02/13 17:20:59 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil(789).dll
[2010/02/13 17:20:59 | 001,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon(825).dll
[2010/02/13 17:20:59 | 000,916,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet(832).dll
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/03/04 19:43:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7E45BB15-C875-4E76-8AFC-CD6771B22AB1}.job
[2010/03/04 19:42:52 | 004,194,304 | -HS- | M] () -- C:\Users\Luca\ntuser.dat
[2010/03/04 19:40:43 | 000,720,556 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/04 19:40:43 | 000,620,376 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/04 19:40:43 | 000,114,112 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/04 19:35:25 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Users\Luca\Desktop\OTL.exe
[2010/03/04 19:33:56 | 000,187,196 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/04 19:33:55 | 000,187,196 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/04 19:33:46 | 000,000,436 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2010/03/04 19:33:39 | 000,000,248 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/03/04 19:32:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 19:32:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/04 19:32:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/04 19:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/04 19:32:02 | 3186,544,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/04 19:30:52 | 000,524,288 | -HS- | M] () -- C:\Users\Luca\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/03/04 19:30:52 | 000,065,536 | -HS- | M] () -- C:\Users\Luca\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/03/04 19:30:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/04 19:30:38 | 002,106,937 | -H-- | M] () -- C:\Users\Luca\AppData\Local\IconCache.db
[2010/03/04 19:26:53 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Users\Luca\Desktop\HijackThis.exe
[2010/03/04 19:11:16 | 000,154,657 | ---- | M] () -- C:\Users\Luca\Desktop\tdsskiller.zip
[2010/03/04 18:05:36 | 000,002,379 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/03/03 22:30:29 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/03/03 21:54:42 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2010/03/02 20:22:07 | 000,247,015 | ---- | M] () -- C:\Users\Luca\Desktop\rx8 fata.jpg
[2010/02/28 12:44:27 | 000,136,725 | ---- | M] () -- C:\Users\Luca\Desktop\rx8.jpg
[2010/02/27 13:29:40 | 000,177,928 | ---- | M] (Kaspersky Lab) -- C:\Users\Luca\Desktop\TDSSKiller.exe
[2010/02/18 19:42:15 | 000,010,191 | ---- | M] () -- C:\Users\Luca\Documents\How is organized.docx
[2010/02/03 23:05:48 | 000,157,184 | ---- | M] () -- C:\Users\Luca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/03 18:20:33 | 000,000,249 | ---- | M] () -- C:\Users\Luca\Desktop\mtuner.ini
[2010/02/02 22:27:10 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/03/04 19:11:11 | 000,154,657 | ---- | C] () -- C:\Users\Luca\Desktop\tdsskiller.zip
[2010/03/03 21:52:20 | 3186,544,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/02 20:22:42 | 000,247,015 | ---- | C] () -- C:\Users\Luca\Desktop\rx8 fata.jpg
[2010/02/28 12:43:41 | 000,136,725 | ---- | C] () -- C:\Users\Luca\Desktop\rx8.jpg
[2010/02/18 19:42:13 | 000,010,191 | ---- | C] () -- C:\Users\Luca\Documents\How is organized.docx
[2009/10/11 11:44:49 | 000,000,092 | ---- | C] () -- C:\Users\Luca\AppData\Local\fusioncache.dat
[2009/09/22 19:15:32 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/09/22 19:15:31 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/09/15 19:18:25 | 000,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/09/14 19:10:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/13 20:29:14 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/09/05 20:11:31 | 000,001,181 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/09/03 14:04:24 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/08/30 17:02:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MyCustomDSPWithUI.dll
[2009/08/30 17:02:37 | 000,053,248 | ---- | C] () -- C:\Windows\System32\MyCustomDSP.dll
[2009/08/26 18:11:49 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009/08/24 18:31:43 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/08/24 18:18:41 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/08/22 09:41:03 | 000,000,000 | ---- | C] () -- C:\Users\Luca\AppData\Local\FnF4.txt
[2009/08/18 12:36:08 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/16 06:54:36 | 000,157,184 | ---- | C] () -- C:\Users\Luca\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/15 18:25:57 | 000,003,082 | ---- | C] () -- C:\Windows\System32\affv300053706p4now.sys
[2009/08/15 18:11:10 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009/08/15 15:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Luca\AppData\Local\QSwitch.txt
[2009/08/15 15:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Luca\AppData\Local\DSwitch.txt
[2009/08/15 15:27:26 | 000,000,000 | ---- | C] () -- C:\Users\Luca\AppData\Local\AtStart.txt
[2009/08/15 15:27:20 | 000,013,578 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/08/15 15:27:05 | 000,187,196 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/08/15 15:22:59 | 000,187,196 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/06/16 02:07:17 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/06/16 02:06:47 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/06/16 02:06:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/06/16 02:06:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/06/16 02:04:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/06/16 02:04:04 | 000,000,248 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/03/19 03:19:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/03/19 03:14:31 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/03/19 03:12:59 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/03/19 03:11:51 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004/06/05 10:56:16 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2003/03/25 04:49:02 | 000,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2003/03/25 04:49:02 | 000,000,761 | ---- | C] () -- C:\Windows\m3jp2k.ini
[2003/03/25 04:49:02 | 000,000,714 | ---- | C] () -- C:\Windows\m3jpeg.ini
[2003/03/25 04:49:02 | 000,000,702 | ---- | C] () -- C:\Windows\mmtvmj.ini
[2001/09/17 11:20:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
========== Custom Scans ==========
< yahooui.exe >
< seocfg.exe >
< upd1234.exe >
< vbn.sdf >
< yahooauth2.dll >
< ssleay32.dll >
< libeay32.dll >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/21 03:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2010/03/04 19:13:27 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009/03/19 11:35:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2009/03/19 11:35:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2009/03/19 11:35:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2009/03/19 11:35:51 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2007/05/17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTORV.SYS >
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/21 03:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/21 03:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/21 03:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
========== Files - Unicode (All) ==========
[2010/03/04 19:32:48 | 000,000,254 | ---- | M] ()(C:\Windows\tasks\Vista??????.job) -- C:\Windows\tasks\Vista内存整理大师.job
[2009/09/16 15:54:01 | 000,000,254 | ---- | C] ()(C:\Windows\tasks\Vista??????.job) -- C:\Windows\tasks\Vista内存整理大师.job
< End of report >
EXTRAS:
OTL Extras logfile created on: 04/03/2010 19:37:06 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Users\Luca\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000809 | Country: Marea Britanie | Language: ENG | Date Format: dd/MM/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.15 Gb Total Space | 80.62 Gb Free Space | 35.81% Space Free | Partition Type: NTFS
Drive D: | 7.74 Gb Total Space | 1.53 Gb Free Space | 19.82% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: LUCA-PC
Current User Name: Luca
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3878796717-4136608354-1933507921-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D4AE02A-9BB0-4354-ADA8-986598DB44B8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{7576F6C6-C473-4B15-8EC3-74BA6763F654}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87F789AC-380D-49A0-B461-632C5FFDEF02}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D1FEC4-3761-491B-AE9C-A73584DDB2CD}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{05220EA2-65F4-45FA-A5FC-7A4715787A67}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{086945CD-E005-42BE-9D96-ECC15BD8B755}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{0BA93D99-2E6E-4656-9B71-FB237BE2EFEE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0DB2E4A2-2361-4221-A4B4-98BA66D30BA7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0EEF211B-8202-4FE5-9FC5-B3736A091E8A}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\3dsmax.exe |
"{13BB8108-E0D7-4BC8-A50B-DD789DC2D0DF}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{1581A3AB-2AD1-4F59-9DF7-031CC4A08E48}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1A65281F-4385-4114-98EF-E605D57129A1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1DBEC9CE-5184-4F67-8467-02A0B898A30A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1DE267FE-74A9-4E73-9AF4-874514CA48FB}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{403B75D1-D4F2-44BF-B8A8-6A6710AA4640}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{45C50082-93DE-4FFE-B5AD-602EC2DD5092}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{4AB99721-46DF-4D8B-A890-E3B2869E6170}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\manager.exe |
"{59838183-3808-4DC5-A8E2-52BDE31712B5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5FFF897F-100F-4E06-9936-74E9E95F7B80}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{664EF355-9AB2-4F9E-85BC-16A26DF42E06}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{6B0E689C-1E77-45EE-9998-FC7E665D81C3}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{83351666-1BD9-49FC-8695-AAB21A9F1EC6}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{840FFDB6-B69D-485D-A26E-D79C7F8ED2F9}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{86BA8D4F-0F7E-4B07-A8E2-362EDB0D59FF}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{8E0E7DD2-7B58-49D8-A245-CC92D57F1DF5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{92224139-9854-4ADF-A973-93F4A704F9AF}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
"{924561A6-402A-4607-9FC7-9A7E400DEB2E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9E8C1E0D-0453-4E4C-A649-5C31F78A7CE7}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{A0F30388-BEFC-426D-A078-18FB5EEF1AD6}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A2BDFCB1-F4AD-4AFE-BAB6-0E94C9798716}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A3F77169-CFC4-406C-814F-BF92FCD723AC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A7213AF7-81A2-4522-8DEC-60D46CA4A105}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{A7B314E3-BA78-4840-AD1A-56EABCA1839C}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{AE57B2DB-F960-4297-9C2E-28BA20074A38}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{B3DBAE7A-AE49-48E2-AA40-D40321FB5FB5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C147FC1D-B691-4D78-9B5F-A46D668C0AF4}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe |
"{CAFC65B7-6CC5-43F7-9445-E8CFE3CC0AF3}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe |
"{D0370642-DC66-4CDA-9EE4-CAAD460A543E}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{D6959517-E2E4-4009-9F31-B7D60457B860}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D85E0E40-B4A8-4C8B-A78B-C2B7A20F620A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D94C68C7-4FED-4585-9963-774569C6FAB3}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{DB8DBBBF-3115-40C9-87D3-A7C7A4714C35}" = protocol=6 | dir=in | app=c:\program files\autodesk\backburner\server.exe |
"{E37FE00A-2192-461A-8A99-9D2882F143E1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E3A51868-7A82-496F-A4A1-153B8CD2976B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F423C998-995A-4A51-899A-0ACD091EBB57}" = protocol=17 | dir=in | app=c:\program files\autodesk\backburner\monitor.exe |
"{FAE6710B-BF5D-43C8-9E08-DDB3E3780C54}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FC6C09E9-76DD-4507-9071-D499BF6BD4FA}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{FDEBDB3C-B0A1-400E-935D-7C0DF1C37239}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe |
"{FF31263A-6396-4880-84F8-34E08B7EBE2E}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{17050C48-16CB-4500-A102-CEAD750CE11E}" = HP User Guides 0138
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{317AC0C7-FEBF-0409-87A3-4FC70D0ED900}" = Autodesk 3ds Max 2010 32-bit
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 M1
"{3762698E-E9DF-4DD8-99F1-8192D0F8EE06}" = Nokia_Multimedia_Common_Components_2_5
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{60A08432-00DD-0409-AC2C-143C75460878}" = Autodesk 3ds Max 2010 32-bit Components
"{6332AE1B-FD23-4448-B237-A63900602D72}" = ArcSoft Video Downloader
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{751B7387-18B3-43D6-9FAA-E74CB830E03D}" = Symantec Real Time Storage Protection Component
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77E986BD-B38A-4AD0-8D38-2F774222BE75}" = Windows Live Messenger
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7FD71A9E-C4D3-42ED-A998-CDA8290C39A3}" = LightScribe Template Labeler
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}" = Nero 8
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{94849F41-3490-4012-8A80-D5BCBF87CE38}" = SymNet
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A528306A-C5EC-481C-A619-6106334E6800}" = Nokia Ovi Player
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1048-7B44-A90000000001}" = Adobe Reader 9 - Romanian
"{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help
"{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC67770B-581D-4E96-B72A-A7907CE18725}" = Colin McRae Rally 2005
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B37593-EFF5-4530-B7F1-05ACC040887D}" = Microsoft Works
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E551D82D-4D56-4AF7-A2C9-8897D7A0CB00}" = Autodesk 3ds Max 2010 Tutorials Files
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E82E3BC2-F2DD-46B4-B1B2-E391B25E4C7C}" = Autograph 3.20
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Autodesk FBX Plugin 2009.4 - 3ds Max 2010" = Autodesk FBX Plugin 2009.4 - 3ds Max 2010
"Cities XL" = Cities XL
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure 1.5.0.1
"Shuangs Audio Editor_is1" = Shuangs Audio Editor 2.2
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Winamp" = Winamp
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WindowBlinds" = WindowBlinds
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 03/03/2010 15:51:07 | Computer Name = Luca-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
Error - 03/03/2010 15:51:36 | Computer Name = Luca-PC | Source = WinMgmt | ID = 10
Description =
Error - 03/03/2010 15:56:39 | Computer Name = Luca-PC | Source = EventSystem | ID = 4609
Description =
Error - 03/03/2010 15:57:33 | Computer Name = Luca-PC | Source = WinMgmt | ID = 10
Description =
Error - 03/03/2010 15:57:53 | Computer Name = Luca-PC | Source = ESENT | ID = 412
Description = Catalog Database (908) Catalog Database: Unable to read the header
of logfile C:\Windows\system32\CatRoot2\edb000FB.log. Error -501.
Error - 03/03/2010 15:57:53 | Computer Name = Luca-PC | Source = ESENT | ID = 454
Description = Catalog Database (908) Catalog Database: Database recovery/restore
failed with unexpected error -501.
Error - 03/03/2010 15:57:53 | Computer Name = Luca-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =
Error - 03/03/2010 16:54:14 | Computer Name = Luca-PC | Source = WinMgmt | ID = 10
Description =
Error - 03/03/2010 17:12:48 | Computer Name = Luca-PC | Source = WinMgmt | ID = 10
Description =
Error - 03/03/2010 17:19:33 | Computer Name = Luca-PC | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 01/11/2009 09:47:23 | Computer Name = Luca-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 15503
seconds with 4680 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30/10/2009 11:30:06 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/10/2009 11:30:06 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 30/10/2009 15:08:12 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/10/2009 15:08:12 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 31/10/2009 04:53:23 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31/10/2009 04:53:23 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 31/10/2009 05:51:53 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31/10/2009 05:51:53 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 31/10/2009 11:26:28 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 31/10/2009 11:26:28 | Computer Name = Luca-PC | Source = Service Control Manager | ID = 7026
Description =
< End of report >