Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Svchost.exe Trojan

Started by Memeology , Aug 13 2012 01:46 PM

  • Please log in to reply

#1
Memeology
Posted 13 August 2012 - 01:46 PM

Memeology

    New Member

  • Member
  • Pip
  • 1 posts
I've ran into a trojan on my computer that malwarebytes can't remove. My computer hasn't has any symptoms of a virus, But who knows what that thing is doing... Here's my OTL Log.

OTL logfile created on: 8/13/2012 2:26:12 PM - Run 1
OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Loy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 64.56% Memory free
5.49 Gb Paging File | 4.02 Gb Available in Paging File | 73.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.41 Gb Total Space | 153.52 Gb Free Space | 69.03% Space Free | Partition Type: NTFS

Computer Name: LOY-PC | User Name: Loy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/13 14:25:58 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Loy\Downloads\OTL.exe
PRC - [2012/08/09 21:15:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/08/03 14:41:26 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012/07/18 16:07:18 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/05/07 18:47:32 | 000,114,008 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\LVPrS64H.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/03 14:41:26 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012/07/18 16:07:17 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/04 01:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/19 08:22:48 | 000,502,032 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 19:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/05/07 18:45:16 | 000,197,976 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2009/10/16 11:06:39 | 001,039,360 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxducoms.exe -- (lxdu_device)
SRV:64bit: - [2009/08/21 11:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/11 18:10:48 | 000,252,272 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/04 13:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 21:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/08/09 21:15:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/03 14:41:28 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 16:07:17 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/14 18:45:05 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxducoms.exe -- (lxdu_device)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/27 13:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 21:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 01:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/04 00:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/04/25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/07/27 08:14:24 | 006,465,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2010/07/27 08:12:16 | 000,339,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/07/27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010/05/07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010/04/12 03:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/08/05 21:04:06 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/24 17:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/20 19:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/19 21:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 02:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2000/01/01 03:00:00 | 000,442,368 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2010/11/01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {7164CDE6-4B4C-43E0-81DD-37C8C692B3E1}
IE:64bit: - HKLM\..\SearchScopes\{7164CDE6-4B4C-43E0-81DD-37C8C692B3E1}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {B208FA9B-B463-40A9-B12B-154A1BA8C02E}
IE - HKLM\..\SearchScopes\{B208FA9B-B463-40A9-B12B-154A1BA8C02E}: "URL" = http://www.google.co...ng}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes,DefaultScope = {303D3C67-68D7-4EB9-A109-BF039B688604}
IE - HKCU\..\SearchScopes\{303D3C67-68D7-4EB9-A109-BF039B688604}: "URL" = http://www.google.co...TSNA_en___US395
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Loy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/11 05:23:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/06/30 18:01:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/25 03:13:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/25 03:42:52 | 000,000,000 | ---D | M]

[2012/02/24 09:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loy\AppData\Roaming\Mozilla\Extensions
[2012/07/13 02:34:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loy\AppData\Roaming\Mozilla\Firefox\Profiles\2s4iao4f.default\extensions
[2012/05/28 17:40:01 | 000,000,000 | ---D | M] (Tightrope Interactive, Inc. Toolbar) -- C:\Users\Loy\AppData\Roaming\Mozilla\Firefox\Profiles\2s4iao4f.default\extensions\toolbar@Freshy
[2012/07/25 04:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Loy\AppData\Roaming\Mozilla\Firefox\Profiles\32xqamuh.default\extensions
[2012/07/25 04:35:15 | 000,000,919 | ---- | M] () -- C:\Users\Loy\AppData\Roaming\Mozilla\Firefox\Profiles\32xqamuh.default\searchplugins\conduit.xml
[2012/05/28 17:48:29 | 000,002,419 | ---- | M] () -- C:\Users\Loy\AppData\Roaming\Mozilla\Firefox\Profiles\32xqamuh.default\searchplugins\searchuscom.xml
[2012/05/21 08:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/07 23:46:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/25 03:13:18 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\LOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\32XQAMUH.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2099/01/01 12:00:00 | 000,004,819 | ---- | M] () (No name found) -- C:\USERS\LOY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\32XQAMUH.DEFAULT\EXTENSIONS\[email protected]
[2012/07/18 16:07:18 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/09 22:32:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/06/18 13:57:09 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/02 19:18:37 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/06/18 13:57:09 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://search.condui...SearchSource=48
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://search.condui...SearchSource=48
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Loy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Loy\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Loy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Loy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Loy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
CHR - Extension: Gmail = C:\Users\Loy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/10 01:33:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120630175831.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120630175833.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files (x86)\Lexmark Printable Web\bho.dll ()
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CD3FEA81-A221-4E47-983E-F7DA6E62B59D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Loy\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: vectorvest.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53ABD400-D240-44BB-8214-B62FCBA89761}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 04:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\NightSoulMS
[2012/08/13 03:59:54 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\Foxit Software
[2012/08/13 01:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\MapleStory
[2012/08/10 01:44:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/08/10 01:33:54 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/08/10 01:14:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/08/10 01:14:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/08/10 01:14:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/08/10 01:12:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/10 01:12:35 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/08/10 00:45:13 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\{E19751BE-D3B5-4E58-9F4B-57A135AB5FF1}
[2012/08/10 00:44:41 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\{E8E99765-84DA-4AB5-BB67-AEE02CF10AEF}
[2012/08/09 21:58:37 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\RTCOM
[2012/08/09 21:57:56 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\WavesGUILib.dll
[2012/08/09 21:57:53 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSWOW64.dll
[2012/08/09 21:57:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSX64.dll
[2012/08/09 21:57:52 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSTSH64.dll
[2012/08/09 21:57:52 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\windows\SysNative\SRSHP64.dll
[2012/08/09 21:57:49 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFNHK64.dll
[2012/08/09 21:57:49 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFCOM64.dll
[2012/08/09 21:57:49 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\windows\SysNative\SFAPO64.dll
[2012/08/09 21:57:49 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\windows\SysWow64\SFCOM.dll
[2012/08/09 21:57:48 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEP64A.dll
[2012/08/09 21:57:48 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEL64A.dll
[2012/08/09 21:57:48 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEEG64A.dll
[2012/08/09 21:57:47 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEP64A.dll
[2012/08/09 21:57:47 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EED64A.dll
[2012/08/09 21:57:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DHT64.dll
[2012/08/09 21:57:47 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RP3DAA64.dll
[2012/08/09 21:57:47 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\windows\SysNative\RTEED64A.dll
[2012/08/09 21:57:47 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEL64A.dll
[2012/08/09 21:57:47 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEA64A.dll
[2012/08/09 21:57:47 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\windows\SysNative\R4EEG64A.dll
[2012/08/09 21:57:46 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek264.dll
[2012/08/09 21:57:46 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxVolumeSDAPO.dll
[2012/08/09 21:57:45 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioRealtek.dll
[2012/08/09 21:57:45 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioEQ.dll
[2012/08/09 21:57:45 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPOShell64.dll
[2012/08/09 21:57:45 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\windows\SysNative\KAAPORT64.dll
[2012/08/09 21:57:45 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO30.dll
[2012/08/09 21:57:45 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\windows\SysNative\MaxxAudioAPO20.dll
[2012/08/09 21:57:43 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\windows\SysNative\FMAPO64.dll
[2012/08/09 21:57:43 | 001,756,264 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/08/09 21:57:43 | 001,568,360 | ---- | C] (DTS) -- C:\windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/08/09 21:57:43 | 000,712,296 | ---- | C] (DTS) -- C:\windows\SysNative\DTSSymmetryDLL64.dll
[2012/08/09 21:57:43 | 000,693,352 | ---- | C] (DTS) -- C:\windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/08/09 21:57:43 | 000,537,456 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PLFX64.dll
[2012/08/09 21:57:43 | 000,524,656 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PGFX64.dll
[2012/08/09 21:57:43 | 000,491,112 | ---- | C] (DTS) -- C:\windows\SysNative\DTSNeoPCDLL64.dll
[2012/08/09 21:57:43 | 000,449,392 | ---- | C] (DTS) -- C:\windows\SysNative\DTSU2PREC64.dll
[2012/08/09 21:57:43 | 000,432,744 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLimiterDLL64.dll
[2012/08/09 21:57:43 | 000,428,648 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/08/09 21:57:43 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSLFXAPO64.dll
[2012/08/09 21:57:43 | 000,242,792 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPO64.dll
[2012/08/09 21:57:43 | 000,241,768 | ---- | C] (DTS) -- C:\windows\SysNative\DTSGFXAPONS64.dll
[2012/08/09 21:57:42 | 001,486,952 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBoostDLL64.dll
[2012/08/09 21:57:42 | 000,728,680 | ---- | C] (DTS) -- C:\windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/08/09 21:41:03 | 000,069,632 | ---- | C] (AMD) -- C:\windows\SysNative\coinst_8.97.100.3.dll
[2012/08/09 21:40:56 | 000,120,320 | ---- | C] (AMD) -- C:\windows\SysNative\atitmm64.dll
[2012/08/09 21:40:53 | 000,021,504 | ---- | C] (AMD) -- C:\windows\SysNative\atimuixx.dll
[2012/08/09 21:31:54 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\Innovative Solutions
[2012/08/09 21:14:44 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\PunkBuster
[2012/08/09 21:02:10 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
[2012/08/09 20:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/08/09 20:41:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/08/09 20:40:46 | 000,000,000 | ---D | C] -- C:\Perfect World Entertainment
[2012/08/09 19:58:16 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\SystemRequirementsLab
[2012/08/08 03:36:38 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\vlc
[2012/08/08 03:34:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/08/08 03:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/08/08 03:30:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012/08/07 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/07 18:07:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/07 18:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/25 05:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2012/07/25 05:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/07/25 05:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012/07/25 05:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/07/25 05:17:57 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2012/07/25 05:17:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2012/07/25 05:15:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2012/07/25 05:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/07/25 05:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2012/07/25 04:35:06 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\CRE
[2012/07/25 04:34:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/07/25 04:34:53 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\Conduit
[2012/07/25 04:34:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BitTorrent
[2012/07/25 04:34:01 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\BitTorrent
[2012/07/25 03:46:33 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\Macromedia
[2012/07/25 03:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2012/07/25 03:11:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/25 03:09:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/25 03:09:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/25 03:09:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/25 02:52:41 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\MediaMonkey
[2012/07/25 02:51:21 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Roaming\MediaMonkey
[2012/07/25 02:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
[2012/07/25 02:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaMonkey
[2012/07/25 02:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MediaMonkey
[2012/07/23 19:13:48 | 000,000,000 | ---D | C] -- C:\Users\Loy\AppData\Local\{8DAF317A-514A-4AE8-A975-5C3D70FF8195}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/13 14:31:48 | 000,001,839 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/08/13 14:23:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 14:23:03 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 14:20:02 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 14:15:37 | 000,000,888 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 14:14:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/13 14:14:18 | 2211,577,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 04:41:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 03:26:02 | 000,000,920 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2998717039-2020828254-3327319184-1001UA.job
[2012/08/12 20:07:30 | 000,000,898 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2998717039-2020828254-3327319184-1001Core.job
[2012/08/10 01:33:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/08/09 21:26:21 | 000,283,032 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/08/09 21:26:21 | 000,283,032 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/08/09 21:21:58 | 000,298,016 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/08/09 21:15:09 | 000,076,888 | ---- | M] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/08/09 20:48:32 | 000,803,578 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/08/09 20:48:32 | 000,681,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/09 20:48:32 | 000,129,906 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/09 20:48:20 | 000,803,578 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/09 13:19:50 | 000,003,584 | ---- | M] () -- C:\Users\Loy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 13:19:50 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012/08/07 18:08:17 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/29 00:22:09 | 000,002,292 | ---- | M] () -- C:\Users\Loy\Desktop\Google Chrome.lnk
[2012/07/25 17:04:42 | 000,441,696 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/07/25 03:39:18 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/07/25 03:11:37 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/25 02:51:21 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 01:14:09 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/08/10 01:14:09 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/08/10 01:14:09 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/08/10 01:14:09 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/08/10 01:14:09 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/08/09 21:57:47 | 000,293,889 | ---- | C] () -- C:\windows\SysNative\drivers\RTAIODAT.DAT
[2012/08/09 21:41:03 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2012/08/09 21:41:03 | 000,204,952 | ---- | C] () -- C:\windows\SysNative\ativvsvl.dat
[2012/08/09 21:41:03 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2012/08/09 21:41:03 | 000,157,144 | ---- | C] () -- C:\windows\SysNative\ativvsva.dat
[2012/08/09 21:41:01 | 002,852,480 | ---- | C] () -- C:\windows\SysWow64\atiumdva.cap
[2012/08/09 21:40:58 | 002,818,784 | ---- | C] () -- C:\windows\SysNative\atiumd6a.cap
[2012/08/09 21:40:56 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2012/08/09 21:40:56 | 000,003,917 | ---- | C] () -- C:\windows\SysNative\atipblag.dat
[2012/08/09 21:40:55 | 000,038,177 | ---- | C] () -- C:\windows\atiogl.xml
[2012/08/09 21:40:51 | 000,618,823 | ---- | C] () -- C:\windows\SysNative\atiicdxx.dat
[2012/08/09 21:40:44 | 000,246,000 | ---- | C] () -- C:\windows\SysWow64\atiapfxx.blb
[2012/08/09 21:40:44 | 000,246,000 | ---- | C] () -- C:\windows\SysNative\atiapfxx.blb
[2012/08/09 21:14:51 | 000,283,032 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/08/09 20:41:03 | 000,298,016 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/08/09 20:41:03 | 000,283,032 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/08/09 20:40:56 | 003,130,440 | ---- | C] () -- C:\windows\SysWow64\pbsvc_blr.exe
[2012/08/09 20:40:56 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/08/09 13:19:50 | 000,003,584 | ---- | C] () -- C:\Users\Loy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/08 03:30:18 | 000,696,832 | ---- | C] () -- C:\windows\SysNative\xvidcore.dll
[2012/08/08 03:30:18 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/08/08 03:30:18 | 000,255,488 | ---- | C] () -- C:\windows\SysNative\xvidvfw.dll
[2012/08/08 03:30:18 | 000,173,568 | ---- | C] () -- C:\windows\SysNative\xvid.ax
[2012/08/08 03:30:18 | 000,153,088 | ---- | C] () -- C:\windows\SysWow64\xvid.ax
[2012/08/08 03:30:17 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/08/07 18:08:17 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/25 03:39:18 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/07/25 03:27:44 | 000,193,536 | ---- | C] () -- C:\Users\Loy\Desktop\Maplestory.exe
[2012/07/25 03:26:54 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/07/25 03:11:37 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/07/25 02:51:21 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\MediaMonkey.lnk
[2012/07/06 02:57:50 | 000,085,504 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/03/24 17:10:25 | 000,000,000 | ---- | C] () -- C:\Users\Loy\AppData\Roaming\wklnhst.dat
[2011/04/18 18:24:14 | 000,000,028 | ---- | C] () -- C:\windows\pdf995.ini
[2011/04/18 18:21:59 | 000,000,142 | ---- | C] () -- C:\windows\wpd99.drv
[2011/04/18 18:21:58 | 000,047,616 | ---- | C] () -- C:\windows\SysWow64\pdf995mon64.dll
[2011/04/17 22:43:44 | 000,000,116 | ---- | C] () -- C:\windows\NeroDigital.ini
[2011/02/09 02:31:24 | 000,202,920 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2010/11/17 23:50:49 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2010/11/12 16:33:24 | 000,681,984 | ---- | C] ( ) -- C:\windows\SysWow64\LXDUhcp.dll
[2010/11/12 16:33:21 | 000,300,032 | ---- | C] () -- C:\windows\SysWow64\lxdugrd.dll
[2010/10/24 15:57:46 | 000,803,578 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/09/05 17:33:12 | 000,651,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxdupmui.dll
[2010/09/05 17:33:12 | 000,594,944 | ---- | C] () -- C:\windows\SysWow64\LXDUinst.dll
[2010/09/05 17:33:12 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxduinpa.dll
[2010/09/05 17:33:12 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxduiesc.dll
[2010/09/05 17:33:12 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxducomx.dll
[2010/09/05 17:33:11 | 001,069,056 | ---- | C] ( ) -- C:\windows\SysWow64\lxduserv.dll
[2010/09/05 17:33:11 | 000,860,160 | ---- | C] ( ) -- C:\windows\SysWow64\lxduusb1.dll
[2010/09/05 17:33:11 | 000,761,856 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomc.dll
[2010/09/05 17:33:11 | 000,684,032 | ---- | C] ( ) -- C:\windows\SysWow64\lxduhbn3.dll
[2010/09/05 17:33:11 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxducoms.exe
[2010/09/05 17:33:11 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxdulmpm.dll
[2010/09/05 17:33:11 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxducomm.dll
[2010/09/05 17:33:11 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxducfg.exe
[2010/09/05 17:33:11 | 000,323,584 | ---- | C] ( ) -- C:\windows\SysWow64\lxduih.exe
[2010/09/05 17:17:30 | 001,036,288 | ---- | C] () -- C:\windows\SysWow64\lxdudrs.dll
[2010/09/05 17:17:30 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\lxducaps.dll
[2010/09/05 17:17:30 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\lxducnv4.dll
[2010/09/05 16:37:54 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI

========== LOP Check ==========

[2012/07/27 03:58:25 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\3CF3D
[2012/08/13 03:59:33 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\BitTorrent
[2011/04/25 13:39:46 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Broderbund
[2010/10/02 20:36:48 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\DVDVideoSoft
[2012/08/13 03:59:54 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Foxit Software
[2012/05/28 17:44:48 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Freshy
[2010/10/02 18:20:08 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\InfraRecorder
[2012/01/30 09:39:20 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\IObit
[2010/09/05 16:50:17 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Leadertech
[2010/11/12 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Lexmark Productivity Studio
[2012/07/25 04:38:45 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\MediaMonkey
[2010/09/05 16:42:31 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\OpenOffice.org
[2011/04/18 18:24:16 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\pdf995
[2012/08/09 19:58:16 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\SystemRequirementsLab
[2012/01/22 15:25:49 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\TaxCut
[2012/02/07 20:07:04 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\TeamViewer
[2012/03/24 17:10:31 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Template
[2010/09/19 23:38:47 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Toshiba
[2012/07/25 04:31:26 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\uTorrent
[2011/04/02 11:52:58 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\WhiteSmoke
[2011/07/16 00:22:49 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\WildTangent
[2010/09/05 16:45:49 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\WinBatch
[2011/07/30 00:01:48 | 000,000,000 | ---D | M] -- C:\Users\Loy\AppData\Roaming\Windows Live Writer
[2012/08/12 20:07:30 | 000,000,898 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2998717039-2020828254-3327319184-1001Core.job
[2012/08/13 03:26:02 | 000,000,920 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2998717039-2020828254-3327319184-1001UA.job
[2012/04/21 13:34:51 | 000,032,530 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
Gammo
Posted 16 August 2012 - 08:02 AM

Gammo

    Member 2k

  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP