Anti-Malware programs crash. BSOD iaStor.sys & STOP
<blockquote data-quote="Dro_B" data-source="post: 95551" data-attributes="member: 4623"><p>I have a Lenovo IdeaPad y570.</p><p>As I tried making this thread I got 1 BSOD with BOTH reasons. I read that even after a complete format people had the same problem, but if that is a quick fix I do not mind doing so. </p><p>When doing the guide to removing malware, the laptop BSODs as soon as I run the first program or any program. Was only able to get OTL Log. Laptop gets BSOD when scanning for aswMBR Log.</p><hr /><p></p><p>OTL logfile created on: 1/10/2013 4:52:00 PM - Run 1</p><p>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alessandro\Downloads</p><p>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation</p><p>Internet Explorer (Version = 9.0.8112.16421)</p><p>Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy</p><p> </p><p>7.95 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 72.12% Memory free</p><p>15.89 Gb Paging File | 13.69 Gb Available in Paging File | 86.18% Paging File free</p><p>Paging file location(s): ?:\pagefile.sys [binary data]</p><p> </p><p>%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)</p><p>Drive C: | 714.01 Gb Total Space | 395.46 Gb Free Space | 55.39% Space Free | Partition Type: NTFS</p><p>Drive D: | 29.30 Gb Total Space | 26.11 Gb Free Space | 89.13% Space Free | Partition Type: NTFS</p><p>Drive E: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF</p><p> </p><p>Computer Name: ALESSANDRO-PC | User Name: Alessandro | Logged in as Administrator.</p><p>Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans</p><p>Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days</p><p> </p><p><span style="color: #E56717">========== Processes (SafeList) ==========</span></p><p> </p><p>PRC - C:\Users\Alessandro\Downloads\OTL.exe (OldTimer 
Tools)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)</p><p>PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)</p><p>PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)</p><p>PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)</p><p> </p><p> </p><p><span style="color: #E56717">========== Modules (No Company Name) ==========</span></p><p> </p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll ()</p><p>MOD - 
C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll ()</p><p>MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll ()</p><p> </p><p> </p><p><span style="color: #E56717">========== Services (SafeList) ==========</span></p><p> </p><p>SRV:<strong>64bit:</strong> - (avast! 
Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)</p><p>SRV:<strong>64bit:</strong> - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)</p><p>SRV:<strong>64bit:</strong> - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)</p><p>SRV:<strong>64bit:</strong> - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( )</p><p>SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)</p><p>SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)</p><p>SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)</p><p>SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)</p><p>SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)</p><p>SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)</p><p>SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)</p><p>SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)</p><p>SRV - (SW2SVC) -- C:\Program Files (x86)\SecureW2\sw2_service.exe (SecureW2 B.V.)</p><p>SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)</p><p>SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)</p><p>SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)</p><p>SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA 
Internet Co., Ltd.)</p><p>SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe ()</p><p>SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)</p><p>SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)</p><p>SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)</p><p>SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)</p><p>SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)</p><p>SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)</p><p>SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( )</p><p> </p><p> </p><p><span style="color: #E56717">========== Driver Services (SafeList) ==========</span></p><p> </p><p>DRV:<strong>64bit:</strong> - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()</p><p>DRV:<strong>64bit:</strong> - (85327485) -- C:\Windows\SysNative\drivers\83685537.sys ()</p><p>DRV:<strong>64bit:</strong> - (94288386) -- C:\Windows\SysNative\drivers\58912553.sys (Kaspersky Lab, GERT)</p><p>DRV:<strong>64bit:</strong> - (37158355) -- C:\Windows\SysNative\drivers\79932046.sys (Kaspersky Lab, GERT)</p><p>DRV:<strong>64bit:</strong> - (72474089) -- C:\Windows\SysNative\drivers\08043824.sys ()</p><p>DRV:<strong>64bit:</strong> - (91029346) -- C:\Windows\SysNative\drivers\31549354.sys ()</p><p>DRV:<strong>64bit:</strong> - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)</p><p>DRV:<strong>64bit:</strong> - (rzdaendpt) -- 
C:\Windows\SysNative\drivers\rzdaendpt.sys (Razer USA Ltd)</p><p>DRV:<strong>64bit:</strong> - (rzvkeyboard) -- C:\Windows\SysNative\drivers\rzvkeyboard.sys (Razer USA Ltd)</p><p>DRV:<strong>64bit:</strong> - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd)</p><p>DRV:<strong>64bit:</strong> - (aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)</p><p>DRV:<strong>64bit:</strong> - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)</p><p>DRV:<strong>64bit:</strong> - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)</p><p>DRV:<strong>64bit:</strong> - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. 
Muzychenko)</p><p>DRV:<strong>64bit:</strong> - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)</p><p>DRV:<strong>64bit:</strong> - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation)</p><p>DRV:<strong>64bit:</strong> - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)</p><p>DRV:<strong>64bit:</strong> - (DelayMan) -- C:\Windows\SysNative\drivers\delayman.sys (Ensurebit Inc.)</p><p>DRV:<strong>64bit:</strong> - (winioex) -- C:\Windows\SysNative\drivers\winioex.sys (Ensurebit Inc.)</p><p>DRV:<strong>64bit:</strong> - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)</p><p>DRV:<strong>64bit:</strong> - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)</p><p>DRV:<strong>64bit:</strong> - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)</p><p>DRV:<strong>64bit:</strong> - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)</p><p>DRV:<strong>64bit:</strong> - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (BTWAMPFL) -- 
C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)</p><p>DRV:<strong>64bit:</strong> - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)</p><p>DRV:<strong>64bit:</strong> - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)</p><p>DRV:<strong>64bit:</strong> - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)</p><p>DRV:<strong>64bit:</strong> - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)</p><p>DRV:<strong>64bit:</strong> - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)</p><p>DRV:<strong>64bit:</strong> - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) 
Corporation)</p><p>DRV:<strong>64bit:</strong> - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider)</p><p>DRV:<strong>64bit:</strong> - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)</p><p>DRV:<strong>64bit:</strong> - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)</p><p>DRV:<strong>64bit:</strong> - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.)</p><p>DRV:<strong>64bit:</strong> - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.)</p><p>DRV:<strong>64bit:</strong> - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)</p><p>DRV:<strong>64bit:</strong> - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)</p><p>DRV:<strong>64bit:</strong> - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)</p><p>DRV:<strong>64bit:</strong> - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)</p><p>DRV:<strong>64bit:</strong> - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation)</p><p>DRV:<strong>64bit:</strong> - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )</p><p>DRV:<strong>64bit:</strong> - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)</p><p>DRV:<strong>64bit:</strong> - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)</p><p>DRV - (sf) -- D:\AeriaGames\SoldierFront\avital\soldierf64.sys ()</p><p>DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)</p><p>DRV - 
(NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)</p><p> </p><p> </p><p><span style="color: #E56717">========== Standard Registry (SafeList) ==========</span></p><p> </p><p> </p><p><span style="color: #E56717">========== Internet Explorer ==========</span></p><p> </p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]</p><p>IE:<strong>64bit:</strong> - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox</p><p>IE:<strong>64bit:</strong> - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]</p><p>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com</p><p>IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox</p><p>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7</p><p> </p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]</p><p>IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com</p><p>IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}</p><p>IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox</p><p>IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_enUS483</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0</p><p>IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local></p><p> </p><p> </p><p><span style="color: #E56717">========== FireFox ==========</span></p><p> </p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft 
Corporation)</p><p>FF:<strong>64bit:</strong> - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)</p><p>FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)</p><p>FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found</p><p>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files 
(x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)</p><p>FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found</p><p>FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)</p><p>FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alessandro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)</p><p>FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alessandro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)</p><p>FF - 
HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alessandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)</p><p>FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alessandro\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)</p><p>FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)</p><p> </p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/31 23:41:52 | 000,000,000 | ---D | M]</p><p>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/06 01:42:29 | 000,000,000 | ---D | M]</p><p>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/06 01:42:29 | 000,000,000 | ---D | M]</p><p> </p><p>[2012/11/06 01:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions</p><p>[2012/11/06 01:42:29 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix</p><p> </p><p><span style="color: #E56717">========== Chrome ==========</span></p><p> </p><p>CHR - default_search_provider: Google (Enabled)</p>
<p>CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</p><p>CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}</p><p>CHR - Extension: Google Drive = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\</p><p>CHR - Extension: YouTube = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\</p><p>CHR - Extension: Google Search = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\</p><p>CHR - Extension: avast! WebRep = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\</p><p>CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\</p><p>CHR - Extension: Gmail = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\</p><p> </p><p>O1 HOSTS File: ([2012/11/10 03:04:02 | 000,001,267 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts</p><p>O1 - Hosts: 127.0.0.1 localhost</p><p>O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com</p><p>O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com</p><p>O1 - Hosts: 127.0.0.1 
adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com</p><p>O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com</p><p>O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com</p><p>O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net</p><p>O2:<strong>64bit:</strong> - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>O2:<strong>64bit:</strong> - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)</p><p>O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)</p><p>O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)</p><p>O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (avast! 
WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)</p><p>O3:<strong>64bit:</strong> - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)</p><p>O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.</p><p>O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.</p><p>O4 - HKLM..\Run: [] File not found</p><p>O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)</p><p>O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)</p><p>O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0</p><p>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0</p><p>O8:<strong>64bit:</strong> - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()</p><p>O8:<strong>64bit:</strong> - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O8 - Extra context menu item: Send image to &Bluetooth Device... 
- C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()</p><p>O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O9:<strong>64bit:</strong> - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O9:<strong>64bit:</strong> - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()</p><p>O10:<strong>64bit:</strong> - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)</p><p>O13<strong>64bit:</strong> - gopher Prefix: missing</p><p>O13 - gopher Prefix: missing</p><p>O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)</p><p>O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)</p><p>O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)</p><p>O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1</p><p>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D634D678-9C27-4244-A098-AC74C081371A}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\livecall - No CLSID value found</p><p>O18:<strong>64bit:</strong> - 
Protocol\Handler\ms-help - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\msnim - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\skype4com - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlmailhtml - No CLSID value found</p><p>O18:<strong>64bit:</strong> - Protocol\Handler\wlpg - No CLSID value found</p><p>O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)</p><p>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)</p><p>O20:<strong>64bit:</strong> - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)</p><p>O21:<strong>64bit:</strong> - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)</p><p>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.</p><p>O22:<strong>64bit:</strong> - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)</p><p>O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification 
- C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)</p><p>O32 - HKLM CDRom: AutoRun - 1</p><p>O33 - MountPoints2\{0d471e02-f5e2-11e1-b5e4-dc0ea17b6639}\Shell - "" = AutoRun</p><p>O33 - MountPoints2\{0d471e02-f5e2-11e1-b5e4-dc0ea17b6639}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a</p><p>O33 - MountPoints2\F\Shell - "" = AutoRun</p><p>O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe</p><p>O34 - HKLM BootExecute: (autocheck autochk *)</p><p>O35:<strong>64bit:</strong> - HKLM\..comfile [open] -- "%1" %*</p><p>O35:<strong>64bit:</strong> - HKLM\..exefile [open] -- "%1" %*</p><p>O35 - HKLM\..comfile [open] -- "%1" %*</p><p>O35 - HKLM\..exefile [open] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37:<strong>64bit:</strong> - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O37 - HKLM\...com [@ = comfile] -- "%1" %*</p><p>O37 - HKLM\...exe [@ = exefile] -- "%1" %*</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)</p><p>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)</p><p>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)</p><p> </p><p><span style="color: #E56717">========== Files/Folders - Created Within 30 Days ==========</span></p><p> </p><p>[2013/01/10 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro</p><p>[2013/01/10 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\ImgBurn</p><p>[2013/01/10 15:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn</p><p>[2013/01/10 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn</p><p>[2013/01/10 15:00:12 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\58912553.sys</p><p>[2013/01/10 14:52:16 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\79932046.sys</p><p>[2013/01/10 13:23:06 | 000,000,000 | ---D | C] -- 
C:\Users\Alessandro\Desktop\mbar</p><p>[2013/01/10 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes</p><p>[2013/01/10 13:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware</p><p>[2013/01/10 13:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes</p><p>[2013/01/10 13:18:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys</p><p>[2013/01/10 13:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware</p><p>[2013/01/10 13:18:24 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\Programs</p><p>[2013/01/10 13:18:14 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\Malwarebytes Anti-Malware 1.70.0.1100 PRO Final [Cyclonoid]</p><p>[2013/01/09 21:38:35 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\MotioninJoy</p><p>[2013/01/09 21:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy</p><p>[2013/01/09 21:36:03 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WdfCoInstaller01009.dll</p><p>[2013/01/09 21:36:03 | 000,328,712 | ---- | C] (Logitech Inc.) 
-- C:\windows\SysNative\MijFrc.dll</p><p>[2013/01/09 21:36:03 | 000,115,272 | ---- | C] (MotioninJoy) -- C:\windows\SysNative\drivers\MijXfilt.sys</p><p>[2013/01/09 21:36:03 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\xusb21.sys</p><p>[2013/01/09 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy</p><p>[2013/01/09 21:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories</p><p>[2013/01/09 21:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories</p><p>[2013/01/09 20:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI</p><p>[2013/01/08 21:49:05 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\{9FD2379F-9C01-41D5-A588-8D97B5880067}</p><p>[2013/01/08 21:41:07 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Xfire</p><p>[2013/01/08 21:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire</p><p>[2013/01/08 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire</p><p>[2013/01/08 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire</p><p>[2013/01/08 21:00:21 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\dxtory shiz</p><p>[2013/01/08 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\League of Legends</p><p>[2013/01/08 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\.swt</p><p>[2013/01/08 15:18:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll</p><p>[2013/01/08 15:18:12 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll</p><p>[2013/01/08 15:18:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll</p><p>[2013/01/08 15:18:04 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll</p><p>[2013/01/08 15:17:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\gameux.dll</p><p>[2013/01/08 15:17:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll</p><p>[2013/01/08 15:17:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll</p><p>[2013/01/08 15:17:52 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs</p><p>[2013/01/08 15:17:52 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs</p><p>[2013/01/08 15:17:52 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs</p><p>[2013/01/08 15:17:52 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs</p><p>[2013/01/08 15:17:52 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs</p><p>[2013/01/08 15:17:52 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs</p><p>[2013/01/08 15:17:52 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs</p><p>[2013/01/08 15:17:52 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs</p><p>[2013/01/08 15:17:52 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs</p><p>[2013/01/08 15:17:52 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs</p><p>[2013/01/08 15:17:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs</p><p>[2013/01/08 15:17:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs</p><p>[2013/01/08 15:17:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs</p><p>[2013/01/08 15:17:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs</p><p>[2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs</p><p>[2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs</p><p>[2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs</p><p>[2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- 
C:\windows\SysNative\pegi.rs</p><p>[2013/01/08 15:17:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs</p><p>[2013/01/08 15:17:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs</p><p>[2013/01/08 15:17:51 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll</p><p>[2013/01/08 15:17:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs</p><p>[2013/01/08 15:17:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs</p><p>[2013/01/08 15:17:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs</p><p>[2013/01/08 15:17:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs</p><p>[2013/01/08 15:17:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs</p><p>[2013/01/08 15:17:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs</p><p>[2013/01/08 15:17:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs</p><p>[2013/01/08 15:17:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs</p><p>[2013/01/08 15:17:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll</p><p>[2013/01/08 15:17:12 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll</p><p>[2013/01/08 15:17:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll</p><p>[2013/01/08 15:17:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe</p><p>[2013/01/08 15:17:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll</p><p>[2013/01/08 15:17:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll</p><p>[2013/01/08 15:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll</p><p>[2013/01/08 15:17:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\ntvdm64.dll</p><p>[2013/01/08 15:17:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll</p><p>[2013/01/08 15:17:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll</p><p>[2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft 
Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll</p><p>[2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe</p><p>[2013/01/08 15:17:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe</p><p>[2013/01/08 15:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,003,072 | -H-- | C] 
(Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll</p><p>[2013/01/08 15:17:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe</p><p>[2013/01/08 15:16:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe</p><p>[2013/01/07 23:33:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys</p><p>[2013/01/07 23:33:04 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys</p><p>[2013/01/07 23:33:04 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe</p><p>[2013/01/07 15:32:07 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\CS110</p><p>[2012/12/30 12:03:36 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\Razer</p><p>[2012/12/30 12:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer</p><p>[2012/12/30 11:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO</p><p>[2012/12/25 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiancity</p><p>[2012/12/25 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiancity</p><p>[2012/12/20 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx</p><p>[2012/12/20 22:11:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll</p><p>[2012/12/20 22:11:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll</p><p>[2012/12/20 22:11:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll</p><p>[2012/12/20 22:11:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll</p><p>[2012/12/19 23:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iTunes</p><p>[2012/12/19 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod</p><p>[2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes</p><p>[2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes</p><p>[2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>[2012/12/19 23:26:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi</p><p>[2012/12/15 03:00:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll</p><p>[2012/12/15 03:00:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll</p><p>[2012/12/15 03:00:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll</p><p>[2012/12/15 03:00:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll</p><p>[2012/12/15 03:00:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe</p><p>[2012/12/15 03:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe</p><p>[2012/12/15 03:00:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll</p><p>[2012/12/15 03:00:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll</p><p>[2012/12/15 03:00:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll</p><p>[2012/12/15 03:00:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl</p><p>[2012/12/15 03:00:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl</p><p>[2012/12/15 03:00:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll</p><p>[2012/12/15 03:00:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll</p><p>[2012/12/15 03:00:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\jscript.dll</p><p>[2012/12/15 03:00:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll</p><p>[2012/12/14 11:29:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll</p><p>[2012/12/14 11:29:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files - Modified Within 30 Days ==========</span></p><p> </p><p>[2013/01/10 16:52:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2489484666-2063322186-3143260510-1002UA.job</p><p>[2013/01/10 16:52:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2489484666-2063322186-3143260510-1002Core.job</p><p>[2013/01/10 16:51:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job</p><p>[2013/01/10 16:51:14 | 000,000,210 | ---- | M] () -- C:\windows\tasks\AutoKMS.job</p><p>[2013/01/10 16:51:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat</p><p>[2013/01/10 16:51:03 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys</p><p>[2013/01/10 16:49:06 | 000,032,152 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys</p><p>[2013/01/10 16:33:39 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/01/10 16:33:39 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>[2013/01/10 16:31:05 | 000,801,208 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI</p><p>[2013/01/10 16:31:05 | 000,676,344 | ---- | M] () -- C:\windows\SysNative\perfh009.dat</p><p>[2013/01/10 16:31:05 | 000,126,694 | ---- | M] () -- C:\windows\SysNative\perfc009.dat</p><p>[2013/01/10 15:12:00 | 000,000,912 | ---- | M] () -- 
C:\windows\tasks\GoogleUpdateTaskMachineUA.job</p><p>[2013/01/10 15:11:36 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk</p><p>[2013/01/10 15:02:59 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\83685537.sys</p><p>[2013/01/10 15:00:12 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\58912553.sys</p><p>[2013/01/10 14:58:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job</p><p>[2013/01/10 14:52:16 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\79932046.sys</p><p>[2013/01/10 14:24:01 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\08043824.sys</p><p>[2013/01/10 14:21:58 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\31549354.sys</p><p>[2013/01/10 13:18:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/01/09 21:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Alessandro\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk</p><p>[2013/01/09 21:38:36 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk</p><p>[2013/01/09 13:47:51 | 005,004,984 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT</p><p>[2013/01/09 01:11:59 | 000,778,028 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI</p><p>[2013/01/08 22:06:32 | 513,265,063 | ---- | M] () -- C:\Users\Alessandro\Desktop\Recording vs. 
Atmo.wmv</p><p>[2013/01/08 21:40:53 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk</p><p>[2013/01/08 19:58:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe</p><p>[2013/01/08 19:58:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl</p><p>[2013/01/07 23:33:04 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt</p><p>[2013/01/05 02:55:59 | 000,001,186 | ---- | M] () -- C:\Users\Alessandro\Desktop\Dxtory.lnk</p><p>[2013/01/02 12:59:24 | 000,000,040 | ---- | M] () -- C:\Users\Alessandro\Documents\cmd.bat</p><p>[2012/12/30 12:27:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf</p><p>[2012/12/30 12:27:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf</p><p>[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll</p><p>[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll</p><p>[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll</p><p>[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll</p><p>[2012/12/15 03:18:47 | 000,475,136 | ---- | M] () -- C:\Users\Alessandro\Documents\Database1.accdb</p><p>[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys</p><p>[2012/12/14 14:50:36 | 000,666,112 | ---- | M] () -- C:\Users\Alessandro\Desktop\GameMerk_USF.exe</p><p>[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]</p><p> </p><p><span style="color: #E56717">========== Files Created - No Company Name ==========</span></p><p> </p><p>[2013/01/10 16:49:06 | 000,032,152 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys</p><p>[2013/01/10 15:11:36 | 000,001,881 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk</p><p>[2013/01/10 15:11:36 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk</p><p>[2013/01/10 15:02:59 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\83685537.sys</p><p>[2013/01/10 14:24:01 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\08043824.sys</p><p>[2013/01/10 14:21:58 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\31549354.sys</p><p>[2013/01/10 13:18:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk</p><p>[2013/01/09 21:36:04 | 000,000,947 | ---- | C] () -- C:\Users\Alessandro\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk</p><p>[2013/01/09 21:36:04 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk</p><p>[2013/01/08 21:53:24 | 513,265,063 | ---- | C] () -- C:\Users\Alessandro\Desktop\Recording vs. Atmo.wmv</p><p>[2013/01/08 21:40:53 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk</p><p>[2013/01/02 12:59:08 | 000,000,040 | ---- | C] () -- C:\Users\Alessandro\Documents\cmd.bat</p><p>[2012/12/30 12:27:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf</p><p>[2012/12/30 12:27:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf</p><p>[2012/12/30 09:16:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk</p><p>[2012/12/29 15:28:13 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk</p><p>[2012/12/20 23:01:42 | 000,666,112 | ---- | C] () -- C:\Users\Alessandro\Desktop\GameMerk_USF.exe</p><p>[2012/12/14 13:59:35 | 000,475,136 | ---- | C] () -- C:\Users\Alessandro\Documents\Database1.accdb</p><p>[2012/12/07 15:40:40 | 000,042,440 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll</p><p>[2012/11/10 20:43:38 | 000,000,135 | ---- | C] () -- 
C:\windows\AutoKMS.ini</p><p>[2012/06/11 21:40:22 | 000,083,092 | ---- | C] () -- C:\windows\SysWow64\wbers.dat.dmp</p><p>[2012/06/10 20:54:17 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll</p><p>[2012/05/26 14:08:41 | 001,921,682 | -H-- | C] () -- C:\Users\Alessandro\AppData\Roaming\{9740782A-E637-4F7D-B7D754749EA57E18}</p><p>[2012/05/26 12:36:19 | 000,000,100 | ---- | C] () -- C:\windows\Lexstat.ini</p><p>[2012/05/26 12:36:05 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxczserv.dll</p><p>[2012/05/26 12:36:05 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\lxczusb1.dll</p><p>[2012/05/26 12:36:05 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxczhbn3.dll</p><p>[2012/05/26 12:36:05 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomc.dll</p><p>[2012/05/26 12:36:05 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxczpmui.dll</p><p>[2012/05/26 12:36:05 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxczlmpm.dll</p><p>[2012/05/26 12:36:05 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcoms.exe</p><p>[2012/05/26 12:36:05 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomm.dll</p><p>[2012/05/26 12:36:05 | 000,413,696 | ---- | C] () -- C:\windows\SysWow64\lxczutil.dll</p><p>[2012/05/26 12:36:05 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxczinpa.dll</p><p>[2012/05/26 12:36:05 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxcziesc.dll</p><p>[2012/05/26 12:36:05 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxczih.exe</p><p>[2012/05/26 12:36:05 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcfg.exe</p><p>[2012/05/26 12:36:05 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\LXCZinst.dll</p><p>[2012/05/26 12:36:05 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxczppls.exe</p><p>[2012/05/26 12:36:05 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxczprox.dll</p><p>[2012/05/26 12:36:05 | 000,094,208 | ---- | C] ( ) -- 
C:\windows\SysWow64\lxczpplc.dll</p><p>[2012/05/23 19:34:14 | 000,000,017 | ---- | C] () -- C:\Users\Alessandro\AppData\Local\resmon.resmoncfg</p><p>[2012/05/21 21:12:25 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini</p><p>[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin</p><p>[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin</p><p>[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll</p><p>[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll</p><p>[2012/01/15 15:34:44 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin</p><p>[2012/01/15 15:34:44 | 000,000,512 | ---- | C] () -- C:\windows\current.bin</p><p>[2012/01/15 15:19:19 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll</p><p>[2012/01/15 15:19:19 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll</p><p>[2012/01/15 15:19:19 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll</p><p>[2012/01/15 15:19:19 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll</p><p>[2012/01/15 15:19:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll</p><p>[2012/01/15 15:17:18 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll</p><p>[2012/01/15 15:17:18 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll</p><p>[2012/01/15 15:17:18 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll</p><p>[2012/01/15 15:17:18 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll</p><p>[2012/01/15 15:17:18 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll</p><p>[2012/01/15 15:06:30 | 000,778,028 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI</p><p>[2012/01/15 14:40:47 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin</p><p> </p><p><span 
style="color: #E56717">========== ZeroAccess Check ==========</span></p><p> </p><p>[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64</p><p> </p><p>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]</p><p>"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Apartment</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]</p><p>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)</p><p>"ThreadingModel" = Free</p><p> </p><p>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64</p><p>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856</p></blockquote><p></p>
[QUOTE="Dro_B, post: 95551, member: 4623"] I have a Lenovo IdeaPad y570 As I tried making this thread i got 1 BSOD with BOTH reasons. I read that even after a complete format people had the same problem, but if that is a quick fix I do not mind doing so. When doing the guide to removing Malware laptop BSOD's as soon as I run the first program or any program. Was only able to get OTL Log. Laptop gets BSOD when scanning for aswMBR Log. [hr] OTL logfile created on: 1/10/2013 4:52:00 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alessandro\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 7.95 Gb Total Physical Memory | 5.73 Gb Available Physical Memory | 72.12% Memory free 15.89 Gb Paging File | 13.69 Gb Available in Paging File | 86.18% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 714.01 Gb Total Space | 395.46 Gb Free Space | 55.39% Space Free | Partition Type: NTFS Drive D: | 29.30 Gb Total Space | 26.11 Gb Free Space | 89.13% Space Free | Partition Type: NTFS Drive E: | 165.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: ALESSANDRO-PC | User Name: Alessandro | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - C:\Users\Alessandro\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd) PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software) PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) PRC - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International) [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\e7b4706dfe18f29486dbaf5d35e01765\System.Runtime.DurableInstancing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ef7642a4f2724135d445e2ea36582e78\SMDiagnostics.ni.dll () MOD - 
C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d01a925ecd339eae8ea1da8488eb2283\System.Xml.Linq.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e43f80b6a3a40323520dd89cb77500a8\System.Windows.Forms.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll () MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll () [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - (avast! 
Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software) SRV:[b]64bit:[/b] - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV:[b]64bit:[/b] - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:[b]64bit:[/b] - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:[b]64bit:[/b] - (lxcz_device) -- C:\Windows\SysNative\lxczcoms.exe ( ) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (SW2SVC) -- C:\Program Files (x86)\SecureW2\sw2_service.exe (SecureW2 B.V.) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.) 
SRV - (TVersityMediaServer) -- C:\ProgramData\TVersity\Media Server\MediaServer.exe () SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (lxcz_device) -- C:\Windows\SysWOW64\lxczcoms.exe ( ) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys () DRV:[b]64bit:[/b] - (85327485) -- C:\Windows\SysNative\drivers\83685537.sys () DRV:[b]64bit:[/b] - (94288386) -- C:\Windows\SysNative\drivers\58912553.sys (Kaspersky Lab, GERT) DRV:[b]64bit:[/b] - (37158355) -- C:\Windows\SysNative\drivers\79932046.sys (Kaspersky Lab, GERT) DRV:[b]64bit:[/b] - (72474089) -- C:\Windows\SysNative\drivers\08043824.sys () DRV:[b]64bit:[/b] - (91029346) -- C:\Windows\SysNative\drivers\31549354.sys () DRV:[b]64bit:[/b] - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:[b]64bit:[/b] - (rzdaendpt) -- C:\Windows\SysNative\drivers\rzdaendpt.sys (Razer USA Ltd) DRV:[b]64bit:[/b] - (rzvkeyboard) -- C:\Windows\SysNative\drivers\rzvkeyboard.sys (Razer USA Ltd) DRV:[b]64bit:[/b] - (rzudd) -- C:\Windows\SysNative\drivers\rzudd.sys (Razer USA Ltd) DRV:[b]64bit:[/b] - 
(aswTdi) -- C:\windows\SysNative\drivers\aswTdi.sys (AVAST Software) DRV:[b]64bit:[/b] - (aswSnx) -- C:\windows\SysNative\drivers\aswSnx.sys (AVAST Software) DRV:[b]64bit:[/b] - (aswSP) -- C:\windows\SysNative\drivers\aswSP.sys (AVAST Software) DRV:[b]64bit:[/b] - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software) DRV:[b]64bit:[/b] - (aswFsBlk) -- C:\windows\SysNative\drivers\aswFsBlk.sys (AVAST Software) DRV:[b]64bit:[/b] - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software) DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:[b]64bit:[/b] - (EuMusDesignVirtualAudioCableWdm) -- C:\Windows\SysNative\drivers\vrtaucbl.sys (Eugene V. Muzychenko) DRV:[b]64bit:[/b] - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:[b]64bit:[/b] - (cbfs3) -- C:\Windows\SysNative\drivers\cbfs3.sys (EldoS Corporation) DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:[b]64bit:[/b] - (DelayMan) -- C:\Windows\SysNative\drivers\delayman.sys (Ensurebit Inc.) DRV:[b]64bit:[/b] - (winioex) -- C:\Windows\SysNative\drivers\winioex.sys (Ensurebit Inc.) 
DRV:[b]64bit:[/b] - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:[b]64bit:[/b] - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy) DRV:[b]64bit:[/b] - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:[b]64bit:[/b] - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:[b]64bit:[/b] - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:[b]64bit:[/b] - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation) DRV:[b]64bit:[/b] - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.) 
DRV:[b]64bit:[/b] - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:[b]64bit:[/b] - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:[b]64bit:[/b] - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:[b]64bit:[/b] - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:[b]64bit:[/b] - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:[b]64bit:[/b] - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:[b]64bit:[/b] - (VKbms) -- C:\Windows\SysNative\drivers\VKbms.sys (Windows (R) Win 7 DDK provider) DRV:[b]64bit:[/b] - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (DAdderFltr) -- C:\Windows\SysNative\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd) DRV:[b]64bit:[/b] - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV:[b]64bit:[/b] - (HybridDisk) -- C:\Windows\SysNative\drivers\HybridDiskX64.sys (Lenovo.) DRV:[b]64bit:[/b] - (hybridcfile) -- C:\Windows\SysNative\drivers\HybridCFileX64.sys (Lenovo.) DRV:[b]64bit:[/b] - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:[b]64bit:[/b] - (Dot4Scan) -- C:\Windows\SysNative\drivers\Dot4Scan.sys (Microsoft Corporation) DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (sf) -- D:\AeriaGames\SoldierFront\avital\soldierf64.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.) 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKCU\..\SearchScopes,DefaultScope = 
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_enUS483 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files 
(x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found FF - 
HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Alessandro\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Alessandro\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alessandro\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Alessandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\electronicarts.com/GameFacePlugin: C:\Users\Alessandro\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/31 23:41:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/06 01:42:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\hotfix@mozilla.org: C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix [2012/11/06 01:42:29 | 000,000,000 | ---D | M]
[2012/11/06 01:42:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions
[2012/11/06 01:42:29 | 000,000,000 | ---D | M] (Mozilla hotfix) -- C:\Users\Alessandro\AppData\Roaming\Mozilla\Firefox\Extensions\MozillaHotfix

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - Extension: Google Drive = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\Alessandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/10 03:04:02 | 000,001,267 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:[b]64bit:[/b] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:[b]64bit:[/b] - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D634D678-9C27-4244-A098-AC74C081371A}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysNative\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0d471e02-f5e2-11e1-b5e4-dc0ea17b6639}\Shell - "" = AutoRun
O33 - MountPoints2\{0d471e02-f5e2-11e1-b5e4-dc0ea17b6639}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/01/10 16:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/01/10 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\ImgBurn
[2013/01/10 15:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013/01/10 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2013/01/10 15:00:12 | 000,208,216 | ---- |
C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\58912553.sys [2013/01/10 14:52:16 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\79932046.sys [2013/01/10 13:23:06 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\mbar [2013/01/10 13:18:40 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Malwarebytes [2013/01/10 13:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/01/10 13:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/10 13:18:30 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2013/01/10 13:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/01/10 13:18:24 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\Programs [2013/01/10 13:18:14 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\Malwarebytes Anti-Malware 1.70.0.1100 PRO Final [Cyclonoid] [2013/01/09 21:38:35 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\MotioninJoy [2013/01/09 21:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy [2013/01/09 21:36:03 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WdfCoInstaller01009.dll [2013/01/09 21:36:03 | 000,328,712 | ---- | C] (Logitech Inc.) 
-- C:\windows\SysNative\MijFrc.dll [2013/01/09 21:36:03 | 000,115,272 | ---- | C] (MotioninJoy) -- C:\windows\SysNative\drivers\MijXfilt.sys [2013/01/09 21:36:03 | 000,074,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\xusb21.sys [2013/01/09 21:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy [2013/01/09 21:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories [2013/01/09 21:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories [2013/01/09 20:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KONAMI [2013/01/08 21:49:05 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\{9FD2379F-9C01-41D5-A588-8D97B5880067} [2013/01/08 21:41:07 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Roaming\Xfire [2013/01/08 21:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xfire [2013/01/08 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Xfire [2013/01/08 21:40:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xfire [2013/01/08 21:00:21 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\dxtory shiz [2013/01/08 19:55:42 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\League of Legends [2013/01/08 19:55:08 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\.swt [2013/01/08 15:18:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll [2013/01/08 15:18:12 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll [2013/01/08 15:18:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll [2013/01/08 15:18:04 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll [2013/01/08 15:17:52 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll [2013/01/08 15:17:52 | 002,576,384 | ---- | C] (Microsoft Corporation) -- 
C:\windows\SysWow64\gameux.dll [2013/01/08 15:17:52 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll [2013/01/08 15:17:52 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs [2013/01/08 15:17:52 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs [2013/01/08 15:17:52 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs [2013/01/08 15:17:52 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs [2013/01/08 15:17:52 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs [2013/01/08 15:17:52 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs [2013/01/08 15:17:52 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs [2013/01/08 15:17:52 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs [2013/01/08 15:17:52 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs [2013/01/08 15:17:52 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs [2013/01/08 15:17:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs [2013/01/08 15:17:52 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs [2013/01/08 15:17:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs [2013/01/08 15:17:52 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs [2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs [2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs [2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs [2013/01/08 15:17:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs [2013/01/08 15:17:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs [2013/01/08 15:17:52 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs [2013/01/08 15:17:51 | 000,308,736 
| ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll [2013/01/08 15:17:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs [2013/01/08 15:17:50 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs [2013/01/08 15:17:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs [2013/01/08 15:17:50 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs [2013/01/08 15:17:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs [2013/01/08 15:17:50 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs [2013/01/08 15:17:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs [2013/01/08 15:17:50 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs [2013/01/08 15:17:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll [2013/01/08 15:17:12 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll [2013/01/08 15:17:12 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll [2013/01/08 15:17:12 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe [2013/01/08 15:17:12 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll [2013/01/08 15:17:12 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll [2013/01/08 15:17:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll [2013/01/08 15:17:12 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll [2013/01/08 15:17:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll [2013/01/08 15:17:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/08 15:17:11 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/08 15:17:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/08 15:17:11 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/08 15:17:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll [2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 15:17:11 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 
[2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/08 15:17:11 | 
000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- 
C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 15:17:11 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/08 15:17:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe [2013/01/08 15:17:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe [2013/01/08 15:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 15:17:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/08 15:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/08 15:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/08 15:17:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/08 15:17:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe [2013/01/08 15:16:59 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe [2013/01/07 23:33:06 | 000,054,072 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys [2013/01/07 23:33:04 | 000,984,144 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2013/01/07 23:33:04 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2013/01/07 15:32:07 | 
000,000,000 | ---D | C] -- C:\Users\Alessandro\Desktop\CS110 [2012/12/30 12:03:36 | 000,000,000 | ---D | C] -- C:\Users\Alessandro\AppData\Local\Razer [2012/12/30 12:03:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer [2012/12/30 11:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO [2012/12/25 20:59:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tiancity [2012/12/25 20:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tiancity [2012/12/20 22:58:22 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx [2012/12/20 22:11:52 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll [2012/12/20 22:11:52 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll [2012/12/20 22:11:51 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll [2012/12/20 22:11:51 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll [2012/12/19 23:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/12/19 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2012/12/19 23:27:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/12/19 23:26:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/12/15 03:00:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012/12/15 03:00:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012/12/15 03:00:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012/12/15 03:00:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012/12/15 03:00:46 | 000,173,056 | ---- | C] (Microsoft 
Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/12/15 03:00:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/12/15 03:00:46 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/15 03:00:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/15 03:00:45 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/12/15 03:00:45 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/12/15 03:00:45 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/12/15 03:00:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/15 03:00:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/12/15 03:00:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/12/15 03:00:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/12/14 11:29:15 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/14 11:29:14 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/01/10 16:52:00 | 000,000,928 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2489484666-2063322186-3143260510-1002UA.job
[2013/01/10 16:52:00 | 000,000,876 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2489484666-2063322186-3143260510-1002Core.job
[2013/01/10 16:51:33 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/10 16:51:14 | 000,000,210 | ---- | M] () -- C:\windows\tasks\AutoKMS.job
[2013/01/10 16:51:13 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/10 16:51:03 | 2103,332,863 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/10 16:49:06 | 000,032,152 | ---- | M] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/10 16:33:39 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 16:33:39 | 000,028,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/10 16:31:05 | 000,801,208 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/10 16:31:05 | 000,676,344 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/10 16:31:05 | 000,126,694 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/10 15:12:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/10 15:11:36 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/01/10 15:02:59 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\83685537.sys
[2013/01/10 15:00:12 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\58912553.sys
[2013/01/10 14:58:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/10 14:52:16 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\79932046.sys
[2013/01/10 14:24:01 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\08043824.sys
[2013/01/10 14:21:58 | 000,208,216 | ---- | M] () -- C:\windows\SysNative\drivers\31549354.sys
[2013/01/10 13:18:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/09 21:38:36 | 000,000,947 | ---- | M] () -- C:\Users\Alessandro\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2013/01/09 21:38:36 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013/01/09 13:47:51 | 005,004,984 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/09 01:11:59 | 000,778,028 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/01/08 22:06:32 | 513,265,063 | ---- | M] () -- C:\Users\Alessandro\Desktop\Recording vs. Atmo.wmv
[2013/01/08 21:40:53 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013/01/08 19:58:25 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 19:58:25 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/07 23:33:04 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2013/01/05 02:55:59 | 000,001,186 | ---- | M] () -- C:\Users\Alessandro\Desktop\Dxtory.lnk
[2013/01/02 12:59:24 | 000,000,040 | ---- | M] () -- C:\Users\Alessandro\Documents\cmd.bat
[2012/12/30 12:27:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/12/30 12:27:07 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/15 03:18:47 | 000,475,136 | ---- | M] () -- C:\Users\Alessandro\Documents\Database1.accdb
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/12/14 14:50:36 | 000,666,112 | ---- | M] () -- C:\Users\Alessandro\Desktop\GameMerk_USF.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/01/10 16:49:06 | 000,032,152 | ---- | C] () -- C:\windows\SysNative\drivers\hitmanpro37.sys
[2013/01/10 15:11:36 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013/01/10 15:11:36 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013/01/10 15:02:59 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\83685537.sys
[2013/01/10 14:24:01 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\08043824.sys
[2013/01/10 14:21:58 | 000,208,216 | ---- | C] () -- C:\windows\SysNative\drivers\31549354.sys
[2013/01/10 13:18:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/09 21:36:04 | 000,000,947 | ---- | C] () -- C:\Users\Alessandro\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
[2013/01/09 21:36:04 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2013/01/08 21:53:24 | 513,265,063 | ---- | C] () -- C:\Users\Alessandro\Desktop\Recording vs. Atmo.wmv
[2013/01/08 21:40:53 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Xfire.lnk
[2013/01/02 12:59:08 | 000,000,040 | ---- | C] () -- C:\Users\Alessandro\Documents\cmd.bat
[2012/12/30 12:27:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzudd_01009.Wdf
[2012/12/30 12:27:07 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_rzdaendpt_01009.Wdf
[2012/12/30 09:16:03 | 000,001,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2012/12/29 15:28:13 | 000,001,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
[2012/12/20 23:01:42 | 000,666,112 | ---- | C] () -- C:\Users\Alessandro\Desktop\GameMerk_USF.exe
[2012/12/14 13:59:35 | 000,475,136 | ---- | C] () -- C:\Users\Alessandro\Documents\Database1.accdb
[2012/12/07 15:40:40 | 000,042,440 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012/11/10 20:43:38 | 000,000,135 | ---- | C] () -- C:\windows\AutoKMS.ini
[2012/06/11 21:40:22 | 000,083,092 | ---- | C] () -- C:\windows\SysWow64\wbers.dat.dmp
[2012/06/10 20:54:17 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2012/05/26 14:08:41 | 001,921,682 | -H-- | C] () -- C:\Users\Alessandro\AppData\Roaming\{9740782A-E637-4F7D-B7D754749EA57E18}
[2012/05/26 12:36:19 | 000,000,100 | ---- | C] () -- C:\windows\Lexstat.ini
[2012/05/26 12:36:05 | 001,224,704 | ---- | C] ( ) -- C:\windows\SysWow64\lxczserv.dll
[2012/05/26 12:36:05 | 000,991,232 | ---- | C] ( ) -- C:\windows\SysWow64\lxczusb1.dll
[2012/05/26 12:36:05 | 000,696,320 | ---- | C] ( ) -- C:\windows\SysWow64\lxczhbn3.dll
[2012/05/26 12:36:05 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomc.dll
[2012/05/26 12:36:05 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxczpmui.dll
[2012/05/26 12:36:05 | 000,585,728 | ---- | C] ( ) -- C:\windows\SysWow64\lxczlmpm.dll
[2012/05/26 12:36:05 | 000,537,520 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcoms.exe
[2012/05/26 12:36:05 | 000,421,888 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcomm.dll
[2012/05/26 12:36:05 | 000,413,696 | ---- | C] () -- C:\windows\SysWow64\lxczutil.dll
[2012/05/26 12:36:05 | 000,413,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxczinpa.dll
[2012/05/26 12:36:05 | 000,397,312 | ---- | C] ( ) -- C:\windows\SysWow64\lxcziesc.dll
[2012/05/26 12:36:05 | 000,385,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxczih.exe
[2012/05/26 12:36:05 | 000,381,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxczcfg.exe
[2012/05/26 12:36:05 | 000,274,432 | ---- | C] () -- C:\windows\SysWow64\LXCZinst.dll
[2012/05/26 12:36:05 | 000,181,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxczppls.exe
[2012/05/26 12:36:05 | 000,163,840 | ---- | C] ( ) -- C:\windows\SysWow64\lxczprox.dll
[2012/05/26 12:36:05 | 000,094,208 | ---- | C] ( ) -- C:\windows\SysWow64\lxczpplc.dll
[2012/05/23 19:34:14 | 000,000,017 | ---- | C] () -- C:\Users\Alessandro\AppData\Local\resmon.resmoncfg
[2012/05/21 21:12:25 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/03/19 22:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/03/19 21:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/01/15 15:34:44 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2012/01/15 15:34:44 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2012/01/15 15:19:19 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2012/01/15 15:19:19 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2012/01/15 15:19:19 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2012/01/15 15:19:19 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2012/01/15 15:19:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2012/01/15 15:17:18 | 001,771,872 | ---- | C] () -- C:\windows\SysWow64\ColorBlindnessDLL.dll
[2012/01/15 15:17:18 | 000,087,392 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.interface.dll
[2012/01/15 15:17:18 | 000,083,296 | ---- | C] () -- C:\windows\SysWow64\GetASData.dll
[2012/01/15 15:17:18 | 000,080,480 | ---- | C] () -- C:\windows\SysWow64\WinIoEx.dll
[2012/01/15 15:17:18 | 000,058,720 | ---- | C] () -- C:\windows\SysWow64\LenovoRIC.stub.dll
[2012/01/15 15:06:30 | 000,778,028 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/01/15 14:40:47 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856[/hr] [/QUOTE]