OTL logfile created on: 06/06/2012 13.53.34 - Run 2 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Administrator\Desktop Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy 1015,32 Mb Total Physical Memory | 323,10 Mb Available Physical Memory | 31,82% Memory free 1,64 Gb Paging File | 0,94 Gb Available in Paging File | 57,61% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programmi Drive C: | 74,52 Gb Total Space | 10,81 Gb Free Space | 14,51% Space Free | Partition Type: NTFS Drive E: | 57,25 Gb Total Space | 1,82 Gb Free Space | 3,17% Space Free | Partition Type: FAT32 Computer Name: HP14590131532 | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012/06/06 13.33.17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe PRC - [2012/05/11 16.33.52 | 019,858,432 | ---- | M] (Redefine Sp z o.o.) -- C:\Programmi\ipla\ipla.exe PRC - [2011/05/16 11.22.26 | 000,326,504 | ---- | M] (Uniblue Systems Limited) -- C:\Programmi\Uniblue\DriverScanner\driverscanner.exe PRC - [2011/05/16 11.22.26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Programmi\Uniblue\DriverScanner\dsmonitor.exe PRC - [2010/09/22 19.12.16 | 000,015,800 | ---- | M] (Adobe Systems Incorporated) -- C:\Programmi\Adobe\Reader 9.0\Reader\AcroRd32Info.exe PRC - [2010/03/18 11.19.26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/11/11 11.57.36 | 001,451,520 | ---- | M] (Nokia) -- C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe PRC - [2009/10/27 10.26.36 | 000,657,408 | ---- | M] (Nokia) -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe PRC - [2009/10/27 10.15.44 | 000,132,608 | ---- | M] (Nokia) -- C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2009/10/27 10.15.02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009/07/10 14.49.24 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2007/03/12 14.49.46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2007/03/12 14.49.46 | 000,271,920 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe PRC - [2007/03/12 14.49.26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe PRC - [2005/10/27 20.00.22 | 000,299,008 | ---- | M] (Creative Technology Ltd) -- C:\Programmi\Creative\Shared Files\CamTray.exe PRC - [2005/07/30 03.01.00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Programmi\File comuni\Sonic Shared\CineTray.exe PRC - [2005/04/08 12.08.08 | 000,073,728 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programmi\HPQ\HP ProtectTools Security Manager\pthosttr.exe PRC - [2004/08/20 00.39.36 | 001,034,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/11 16.25.24 | 000,292,864 | ---- | M] () -- C:\Programmi\ipla\MediaFileScanner.dll MOD - [2012/05/11 16.24.42 | 000,386,560 | ---- | M] () -- C:\Programmi\ipla\jabberoo.dll MOD - [2012/05/11 16.22.40 | 000,156,160 | ---- | M] () -- C:\Programmi\ipla\lua.dll MOD - [2012/05/11 16.21.52 | 000,062,464 | ---- | M] () -- C:\Programmi\ipla\ziplib.dll MOD - [2011/05/16 11.22.26 | 000,407,400 | ---- | M] () -- C:\Programmi\Uniblue\DriverScanner\locale\it\it.dll MOD - [2011/05/16 11.22.26 | 000,071,016 | ---- | M] () -- C:\Programmi\Uniblue\DriverScanner\InstallerExtensions.dll MOD - [2011/05/16 11.22.26 | 000,018,792 | ---- | M] () -- C:\Programmi\Uniblue\DriverScanner\cwebpage.dll MOD - [2010/09/22 22.12.20 | 000,016,832 | ---- | M] () -- C:\Programmi\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2010/01/29 03.49.33 | 002,236,416 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll MOD - [2010/01/29 03.49.33 | 001,400,832 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll MOD - [2010/01/29 03.49.33 | 000,872,448 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll MOD - [2010/01/29 03.49.33 | 000,798,720 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll MOD - [2010/01/29 03.49.33 | 000,786,432 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll MOD - [2010/01/29 03.49.33 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2010/01/29 03.49.33 | 000,528,384 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll MOD - [2010/01/29 03.49.33 | 000,462,848 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll MOD - [2010/01/29 03.49.33 | 000,237,568 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2010/01/29 03.49.33 | 000,159,744 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll MOD - [2010/01/29 03.49.33 | 000,143,360 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2010/01/29 03.49.32 | 001,564,672 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\areaifdll.dll MOD - [2010/01/29 03.49.32 | 000,688,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll MOD - [2010/01/29 03.49.32 | 000,466,944 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2010/01/29 03.49.32 | 000,404,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2010/01/29 03.49.32 | 000,354,816 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2010/01/29 03.49.32 | 000,339,968 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2010/01/29 03.49.32 | 000,315,392 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2010/01/29 03.49.32 | 000,261,120 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2010/01/29 03.49.32 | 000,232,960 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2010/01/29 03.49.32 | 000,176,128 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESUpload.dll MOD - [2010/01/29 03.49.32 | 000,171,008 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2010/01/29 03.49.32 | 000,163,840 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocESEmail.dll MOD - [2010/01/29 03.49.32 | 000,151,552 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll MOD - [2010/01/29 03.49.32 | 000,128,512 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2010/01/29 03.49.32 | 000,117,760 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2010/01/29 03.49.32 | 000,097,280 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2010/01/29 03.49.32 | 000,094,208 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2010/01/29 03.49.32 | 000,090,112 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll MOD - [2010/01/29 03.49.32 | 000,084,480 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2010/01/29 03.49.32 | 000,083,968 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2010/01/29 03.49.32 | 000,062,464 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2010/01/29 03.49.32 | 000,052,224 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2010/01/29 03.49.32 | 000,044,544 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2010/01/29 03.49.32 | 000,010,752 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll MOD - [2010/01/29 03.49.32 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2010/01/29 03.49.32 | 000,009,728 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\locPcd.dll MOD - [2010/01/29 03.49.31 | 001,297,408 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2010/01/29 03.49.31 | 000,757,760 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx MOD - [2010/01/29 03.49.31 | 000,679,936 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2010/01/29 03.49.31 | 000,077,312 | ---- | M] () -- C:\Programmi\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2010/01/29 03.43.47 | 011,411,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\5040bc4f78960248876bfc5f5b2de744\mscorlib.ni.dll MOD - [2009/02/27 20.42.50 | 000,311,296 | ---- | M] () -- C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\pdfshell.ITA MOD - [2009/02/27 14.52.56 | 000,258,048 | ---- | M] () -- C:\Programmi\Adobe\Reader 9.0\Reader\sqlite.dll MOD - [2009/01/18 16.50.02 | 000,417,792 | ---- | M] () -- C:\Programmi\Adobe\Reader 9.0\Reader\AdobeXMP.dll MOD - [2008/09/16 21.18.06 | 000,133,120 | ---- | M] () -- C:\Programmi\winrar\RarExt.dll MOD - [2008/08/12 11.16.16 | 002,023,424 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\QtCore4.dll MOD - [2008/07/29 14.47.56 | 000,016,384 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll MOD - [2008/07/29 14.47.38 | 000,135,168 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll MOD - [2008/07/29 14.11.18 | 000,253,952 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\QtSvg4.dll MOD - [2008/07/29 14.01.12 | 007,331,840 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\QtGUI4.dll MOD - [2008/07/29 13.50.26 | 000,364,544 | ---- | M] () -- C:\Programmi\Nokia\Nokia PC Suite 7\QtXml4.dll MOD - [2007/01/02 22.38.02 | 000,077,824 | R--- | M] () -- C:\Programmi\HP\Digital Imaging\bin\crm\xmltok.dll MOD - [2007/01/02 22.38.02 | 000,065,536 | R--- | M] () -- C:\Programmi\HP\Digital Imaging\bin\crm\xmlparse.dll MOD - [2004/08/20 00.39.18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2010/03/18 11.19.26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/10/27 10.26.36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007/03/12 14.49.46 | 000,271,920 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2004/08/20 00.39.16 | 000,168,032 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ovbxua.dll -- (zskbdrva) SRV - [2003/07/28 21.28.22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE -- (ose) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\catchme.sys -- (catchme) DRV - [2009/10/06 12.52.34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009/10/06 12.52.34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009/10/06 12.52.34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2005/04/25 03.57.36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID) DRV - [2005/04/08 08.25.34 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2005/03/05 01.04.00 | 002,538,624 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/03/04 15.21.36 | 000,065,664 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp) DRV - [2005/01/07 21.07.16 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudio.sys -- (HdAudAddService) DRV - [2004/08/04 02.29.50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4) DRV - [2004/08/04 02.29.48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3) DRV - [2004/08/04 02.29.46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5) DRV - [2004/08/04 02.29.46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4) DRV - [2004/08/04 02.29.46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6) DRV - [2004/08/04 02.29.44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3) DRV - [2004/08/04 02.29.44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1) DRV - [2004/08/04 02.29.42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0) DRV - [2004/08/04 02.29.42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7) DRV - [2004/08/04 02.29.40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5) DRV - [2004/08/04 02.29.40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6) DRV - [2004/08/04 02.29.38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x) DRV - [2004/08/04 02.29.38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0) DRV - [2004/08/04 02.29.38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1) DRV - [2004/08/04 02.29.38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2) DRV - [2002/04/04 08.32.06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10 IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms} IE - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programmi\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programmi\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Programmi\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Programmi\Veetle\Player\npvlc.dll (Veetle Inc) [color=#E56717]========== Chrome ==========[/color] O1 HOSTS File: ([2012/05/15 00.42.11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (CPrintEnhancer Object) - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Programmi\HP\Smart Web Printing\SmartWebPrinting.dll (Hewlett-Packard Co.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] C:\WINDOWS\System32\hdashcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PTHOSTTR] C:\Programmi\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe (Creative Technology Ltd) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [DriverScanner] C:\Programmi\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe (http://www.emule-project.net) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [IPLA!] C:\Programmi\ipla\ipla.exe (Redefine Sp z o.o.) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [Iwawcuyfte] C:\Documents and Settings\Administrator\Dati applicazioni\Awry\ewsy.exe (IEInspector Software) O4 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500..\Run: [PC Suite Tray] C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Sonic CinePlayer Quick Launch.lnk = C:\Programmi\File comuni\Sonic Shared\CineTray.exe (Sonic Solutions) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BackupNoCDBurning = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1059664662-2146885747-2336954287-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8FF35DA-3848-4A77-9299-8985AD659C2A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programmi\File comuni\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programmi\File comuni\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programmi\File comuni\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Pagina iniziale corrente) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/08/02 14.59.02 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012/06/06 14.22.48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2012/06/06 14.22.48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2012/06/06 14.22.48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2012/06/06 14.22.48 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2012/06/06 14.08.40 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2012/06/06 13.37.43 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/06/06 13.33.42 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2012/06/06 13.33.17 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/06/06 13.32.34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent [2012/05/15 01.00.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\ClearProg [2012/05/15 01.00.44 | 000,000,000 | ---D | C] -- C:\Programmi\ClearProg [2012/05/15 00.16.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Uhcuez [2012/05/15 00.16.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Odezx [2012/05/15 00.16.25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dati applicazioni\Awry [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012/06/06 14.23.22 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Calcolatrice.lnk [2012/06/06 14.21.42 | 004,538,510 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe [2012/06/06 14.18.53 | 000,056,391 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Europass cv irecoop Allouani Abdelkader.pdf [2012/06/06 14.08.00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/06 13.58.45 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk [2012/06/06 13.58.35 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT [2012/06/06 13.58.29 | 000,000,306 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini [2012/06/06 13.58.12 | 000,005,026 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\32497-operatore-socio-sanitario-milano-fondazione-irccs-ca-granda-ospedale-maggiore-policlinico.pdf [2012/06/06 13.57.40 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\PreviewFrameset cv da angela irecoop.htm [2012/06/06 13.54.46 | 001,005,292 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2012/06/06 13.54.46 | 000,450,730 | ---- | M] () -- C:\WINDOWS\System32\perfh010.dat [2012/06/06 13.54.46 | 000,404,104 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/06/06 13.54.46 | 000,075,408 | ---- | M] () -- C:\WINDOWS\System32\perfc010.dat [2012/06/06 13.54.46 | 000,063,324 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012/06/06 13.48.34 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\spider.sav [2012/06/06 13.42.06 | 000,023,032 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\linea 7 via cocconi.pdf [2012/06/06 13.41.49 | 000,025,782 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\linea 8 v. palermo.pdf [2012/06/06 13.41.06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012/06/06 13.41.05 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/06/06 13.33.17 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe [2012/06/06 13.32.14 | 000,088,458 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\page__p__324.htm [2012/06/06 13.31.24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2012/06/06 13.31.13 | 000,088,332 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\61-diagnostyka-ogolne-raporty-systemowe.htm [2012/06/06 13.30.43 | 000,001,126 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/06 13.30.41 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job [2012/06/06 13.30.40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2012/06/06 13.30.39 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/06 13.30.38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/06 13.30.37 | 1064,718,336 | -HS- | M] () -- C:\hiberfil.sys [2012/05/15 01.02.02 | 000,147,633 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Tabela_Oplat_i_Prowizji_dla_kont.pdf [2012/05/15 01.01.35 | 000,005,558 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\RyanairBoardingPass.pdf [2012/05/15 01.00.45 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay Startseite.lnk [2012/05/15 01.00.45 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ClearProg.lnk [2012/05/15 00.59.20 | 000,002,011 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Continue SweetIM Installation.lnk [2012/05/15 00.42.11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2012/05/15 00.40.23 | 000,093,295 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\BONIFICO GIUGNO 2011.htm [2012/05/15 00.40.20 | 000,089,980 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WindLayout cv europeo angela piacente.htm [2012/05/15 00.37.35 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Intelli-studio.lnk [2012/05/15 00.26.50 | 000,054,141 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\aest treno alghero sassari.pdf [2012/05/15 00.23.39 | 004,417,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\TimeTable_Easy_Alghero_Bus.pdf [2012/05/15 00.18.23 | 000,071,444 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\010.pdf [2012/05/15 00.15.15 | 000,008,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\arst sardegna fertilia olbia.pdf [2012/05/15 00.13.06 | 000,008,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ast sardegna fertilia sassari.pdf [2012/05/15 00.12.54 | 000,086,386 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\porownaj_konta_citihandlowy.pdf [2012/05/15 00.10.48 | 000,031,005 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\POLIZZA.pdf [2012/05/15 00.10.36 | 000,008,067 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CERTIFICATO DI ASSICURAZIONE.htm [2012/05/15 00.08.48 | 000,043,298 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Voucher-RI-70564-4A054281.pdf [2012/05/15 00.04.32 | 000,031,005 | ---- | M] () -- C:\Documents and Settings\Administrator\Documenti\car-hire-insurance.pdf [2012/05/15 00.03.22 | 000,001,261 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\3208897895.rar [2012/05/15 00.03.11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012/05/15 00.02.41 | 000,000,453 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ClearProg.lnk [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012/06/06 14.22.48 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2012/06/06 14.22.48 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2012/06/06 14.22.48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2012/06/06 14.22.48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2012/06/06 14.22.48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2012/06/06 14.18.53 | 000,056,391 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Europass cv irecoop Allouani Abdelkader.pdf [2012/06/06 13.58.12 | 000,005,026 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\32497-operatore-socio-sanitario-milano-fondazione-irccs-ca-granda-ospedale-maggiore-policlinico.pdf [2012/06/06 13.57.39 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\PreviewFrameset cv da angela irecoop.htm [2012/06/06 13.48.34 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\spider.sav [2012/06/06 13.42.06 | 000,023,032 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\linea 7 via cocconi.pdf [2012/06/06 13.41.48 | 000,025,782 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\linea 8 v. palermo.pdf [2012/06/06 13.32.14 | 000,088,458 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\page__p__324.htm [2012/06/06 13.31.13 | 000,088,332 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\61-diagnostyka-ogolne-raporty-systemowe.htm [2012/05/15 01.02.01 | 000,147,633 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Tabela_Oplat_i_Prowizji_dla_kont.pdf [2012/05/15 01.00.55 | 000,005,558 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\RyanairBoardingPass.pdf [2012/05/15 01.00.45 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Avvio\Programmi\eBay Startseite.lnk [2012/05/15 01.00.45 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay Startseite.lnk [2012/05/15 01.00.45 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ClearProg.lnk [2012/05/15 00.59.03 | 000,002,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Continue SweetIM Installation.lnk [2012/05/15 00.40.23 | 000,093,295 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\BONIFICO GIUGNO 2011.htm [2012/05/15 00.40.20 | 000,089,980 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WindLayout cv europeo angela piacente.htm [2012/05/15 00.39.09 | 000,043,298 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Voucher-RI-70564-4A054281.pdf [2012/05/15 00.26.50 | 000,054,141 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\aest treno alghero sassari.pdf [2012/05/15 00.23.39 | 004,417,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\TimeTable_Easy_Alghero_Bus.pdf [2012/05/15 00.18.22 | 000,071,444 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\010.pdf [2012/05/15 00.15.15 | 000,008,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\arst sardegna fertilia olbia.pdf [2012/05/15 00.13.06 | 000,008,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ast sardegna fertilia sassari.pdf [2012/05/15 00.12.54 | 000,086,386 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\porownaj_konta_citihandlowy.pdf [2012/05/15 00.10.48 | 000,031,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\POLIZZA.pdf [2012/05/15 00.10.36 | 000,008,067 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CERTIFICATO DI ASSICURAZIONE.htm [2012/05/15 00.04.32 | 000,031,005 | ---- | C] () -- C:\Documents and Settings\Administrator\Documenti\car-hire-insurance.pdf [2012/05/15 00.03.22 | 000,001,261 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\3208897895.rar [2012/05/15 00.02.41 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ClearProg.lnk [2011/12/09 18.26.46 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Dati applicazioni\.backup.dm [2010/10/21 13.12.36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [color=#E56717]========== LOP Check ==========[/color] [2012/05/15 00.16.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Awry [2010/01/26 19.22.58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\DVDFab [2010/01/31 12.32.51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Gadu-Gadu 10 [2011/11/28 17.57.52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Image Zone Express [2012/06/06 13.30.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\ipla [2012/03/03 12.28.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Leadertech [2010/02/12 17.53.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Nokia [2012/06/06 13.47.36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Odezx [2011/10/15 21.30.01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\OpenCandy [2010/01/31 12.38.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\OpenFM [2010/02/12 17.23.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PC Suite [2011/11/28 17.47.48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\PickaVamMaterina [2010/03/23 23.26.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Printer Info Cache [2010/11/26 13.44.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\RDRM [2010/01/29 03.54.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Skinux [2012/05/15 00.16.25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Uhcuez [2011/10/15 21.30.28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Uniblue [2010/01/26 19.21.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Dati applicazioni\Vso [2009/11/10 16.36.53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\File Monster [2010/02/12 17.20.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\Installations [2012/06/05 06.12.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\ipla [2010/01/31 12.40.32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\OpenFM [2010/02/12 17.23.34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite [2011/05/31 18.34.45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dati applicazioni\RDRM [2012/06/06 13.30.41 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Files - Unicode (All) ==========[/color] [2012/01/08 19.33.35 | 000,000,304 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\Centrum Projektów - Aktualnosci - Jakie drewno na dom z drewna - w?arnia - projekty domów letniskowych.url) -- C:\Documents and Settings\Administrator\Desktop\Centrum Projektów - Aktualności - Jakie drewno na dom z drewna - wꤺarnia - projekty domów letniskowych.url [2012/01/08 19.33.35 | 000,000,304 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\Centrum Projektów - Aktualnosci - Jakie drewno na dom z drewna - w?arnia - projekty domów letniskowych.url) -- C:\Documents and Settings\Administrator\Desktop\Centrum Projektów - Aktualności - Jakie drewno na dom z drewna - wꤺarnia - projekty domów letniskowych.url < End of report >