I was surfing the Internet and working on my project this morning, and everything worked just fine. Then all of a sudden I was no longer able to open Firefox and Chrome.
Whenever I try to open Firefox and Chrome, it loads IE instead. I have even tried to open Chrome and Firefox directly from their directories using the main .exe files, but they still load IE instead of Chrome and Firefox.
This is really weird, as this is the very first time I have encountered a problem such as this.
I've used Malwarebytes to do a quick scan and got some malware removed; too bad I accidentally cleared the logs and viruses without saving the log files. After the removal of the malware, I'm still not able to open Chrome and Firefox; the problem remains unchanged.
I think my PC is seriously infected by some unknown malware.
I really do hope any expert here could help me as soon as possible.
Your help will be very much appreciated.
Thank you in advance.
Regards,
Wyatt
OTL Log:
OTL logfile created on: 29/8/2012 11:58:06 AM - Run 1
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Users\Wyatt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004409 | Country: Malaysia | Language: ENM | Date Format: d/M/yyyy
5.91 Gb Total Physical Memory | 3.75 Gb Available Physical Memory | 63.49% Memory free
11.82 Gb Paging File | 9.39 Gb Available in Paging File | 79.43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304.53 Gb Total Space | 243.04 Gb Free Space | 79.81% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 144.52 Gb Free Space | 98.66% Space Free | Partition Type: NTFS
Computer Name: WYATTPC | User Name: Wyatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/08/29 11:48:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt\Desktop\OTL.exe
PRC - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/08 13:49:08 | 001,079,216 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
PRC - [2012/06/04 10:01:23 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/25 02:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Wyatt\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/07 01:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/02 01:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/13 11:35:27 | 000,054,568 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\VideoStage\VSThumbParser.exe
PRC - [2011/04/23 00:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/04/22 09:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/24 11:25:30 | 000,214,408 | ---- | M] (PPStream Inc) -- C:\PPStream\PPSAP.exe
========== Modules (No Company Name) ==========
MOD - [2012/06/13 21:50:35 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0f59b7aebc4be73d5da020c88c72f33b\PresentationFramework.ni.dll
MOD - [2012/06/13 21:50:23 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\828e99a57411166ccc26d24be089ba44\System.Windows.Forms.ni.dll
MOD - [2012/06/13 21:50:18 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\502adc65e43b9d025cba1fd0bfa964a8\System.Drawing.ni.dll
MOD - [2012/06/13 21:50:15 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a6fc17fd5d463a675fa6c9bb7ed1ab73\PresentationCore.ni.dll
MOD - [2012/05/16 20:44:36 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\7dfba5d1d4bb05f6e4ea95ffa0f359a9\System.Core.ni.dll
MOD - [2012/05/14 10:45:00 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96a5c5331595b2dbc3a891ad1249e519\PresentationFramework.Aero.ni.dll
MOD - [2012/05/14 10:44:05 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5b10c18a074132f1ae4a86d860cf9615\WindowsBase.ni.dll
MOD - [2012/05/14 10:44:00 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb0e4de1afd3f2efbbf39a5e39f646a\System.Xml.ni.dll
MOD - [2012/05/14 10:43:57 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2a5cbab122112cd4291b684e67460c16\System.Configuration.ni.dll
MOD - [2012/05/14 10:43:56 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\9447bd5b21a91081d4275b4c4401b1f9\System.ni.dll
MOD - [2012/05/14 10:43:46 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2ab531f4915cccb998c4e852fb7efd00\mscorlib.ni.dll
MOD - [2011/08/18 23:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/04/23 00:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
========== Services (SafeList) ==========
SRV:64bit: - [2012/08/23 11:57:48 | 000,502,064 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/05/27 16:36:14 | 000,040,048 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV:64bit: - [2012/03/20 13:11:30 | 000,162,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2012/03/20 12:56:24 | 000,210,584 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2012/03/20 12:55:54 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/09/16 08:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/09/16 08:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/09/16 08:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/09/15 23:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/04 02:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/09 07:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/28 08:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/25 17:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/30 05:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/23 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2012/08/20 23:02:30 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/22 22:11:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/13 19:51:50 | 000,024,576 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe -- (wampapache)
SRV - [2012/04/19 15:45:02 | 009,693,696 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)
SRV - [2012/04/05 13:08:34 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 23:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 15:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/04/23 00:13:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/22 09:32:26 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/26 10:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/19 03:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/05/27 16:36:34 | 000,038,368 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\visctap0901.sys -- (visctap0901)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 13:29:46 | 000,647,208 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,487,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2012/02/22 13:29:46 | 000,289,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,160,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2012/02/22 13:29:46 | 000,075,936 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2012/02/22 13:29:46 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/18 16:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/02 16:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/07/21 06:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/21 06:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/06/22 05:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/22 05:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 15:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 15:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 16:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/23 00:13:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/04/20 03:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011/04/11 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/25 17:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/21 01:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/30 05:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 11:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 11:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/07 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/30 08:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 08:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/03/29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.my/
IE - HKCU\..\SearchScopes,DefaultScope = {1FF7973D-AB0A-496d-82C1-4EADBBA11E7B}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.46.186.201:8080
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Program Files (x86)\Spoon\3.33.0.13\npMozillaSpoonPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wyatt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wyatt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/04 10:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2012/07/09 09:43:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/22 22:11:24 | 000,000,000 | ---D | M]
[2012/07/08 20:07:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt\AppData\Roaming\Mozilla\Extensions
[2012/08/04 16:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt\AppData\Roaming\Mozilla\Firefox\Profiles\lhiax2av.default\extensions
[2012/07/17 19:00:36 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Wyatt\AppData\Roaming\Mozilla\Firefox\Profiles\lhiax2av.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012/07/08 20:07:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/22 22:11:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/15 06:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 06:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.chromefans.org/
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wyatt\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wyatt\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wyatt\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Wyatt\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\windows\system32\npDeployJava1.dll
CHR - plugin: QvodInsert (Enabled) = C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wyatt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\
CHR - Extension: YouTube = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: User-Agent Switcher for Chrome = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg\1.0.17_0\
CHR - Extension: Silver Bird = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.12_0\
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.1.0_0\
CHR - Extension: Andrew@ChromeFans = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\4.7.9_0\
CHR - Extension: Eye Dropper = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: Adobe Shadow = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijoeapleklopieoejahbpdnhkjjgddem\1.0.295_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Power Editor = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbefhffiiongohodpopckdcalediegk\1.1_0\
CHR - Extension: Keyword Researcher = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnbgfbemdoolmminolmdjdkaehibphme\1.3.5_0\
CHR - Extension: Session Manager = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.3_0\
CHR - Extension: Google Mail Checker = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Ghostery = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\
CHR - Extension: SEO for Chrome = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
CHR - Extension: Bolt Save and Share = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmipocdiiichlijcngflajilbpkkfhj\7.2_0\
CHR - Extension: Google Global = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\1.0_0\
CHR - Extension: Gmail = C:\Users\Wyatt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2012/07/01 19:34:53 | 000,000,997 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 p202backup1
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120615120604.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120708221926.dll (McAfee, Inc.)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [cXaGIRs26G] C:\ProgramData\tPpoMGqKOlVS7\lkLHEhzuYyFh9QtR\6bnrnMQT68p26\fgtOcmiAiFWjDr\hyARX5gJ5Q4ojs7D\yfqhk7WLIwISFCY\CLu5kdOYgh.exe ()
O4 - HKCU..\Run: [PPS Accelerator] C:\PPStream\PPSAP.exe (PPStream Inc)
O4 - Startup: C:\Users\Wyatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wyatt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Wyatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk = C:\PPStream\PPStream.exe (PPStream Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23CEA19E-5F6E-4926-9576-4A14C5FD2D1D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DEFA122-E95D-462F-9299-AD5B16D1B808}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E013816E-E046-4682-912F-95A931CA0CA5}: DhcpNameServer = 8.8.8.8 10.118.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3A7F187-D150-424B-AC10-752DA5E5DA6B}: DhcpNameServer = 203.82.64.129 203.82.64.145
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/08/29 11:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/08/29 11:48:47 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Wyatt\Desktop\OTL.exe
[2012/08/29 10:41:16 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\2012_08_29
[2012/08/29 01:48:52 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\GeoIP-111_20120821
[2012/08/29 01:41:57 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\stm-mobile-tracker-v1.0
[2012/08/29 00:56:42 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{E37FF305-0D3D-4AD6-BBAC-F080B3462F69}
[2012/08/28 20:46:05 | 000,000,000 | ---D | C] -- C:\ProgramData\WLSetup
[2012/08/28 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\DingFengOnline.com
[2012/08/28 12:43:03 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\assaulter___android_app___at_t_only___us
[2012/08/28 10:15:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{6E6A61B7-ED67-4F5D-A4BB-050BB12BF8F2}
[2012/08/27 20:56:23 | 000,000,000 | -HSD | C] -- C:\ProgramData\tPpoMGqKOlVS7
[2012/08/27 20:53:00 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{068D4653-AA93-462E-A88A-2FA4E8CB38FA}
[2012/08/27 13:07:46 | 028,206,113 | ---- | C] (Nrsft) -- C:\ProgramData\39G9JuXb.exe
[2012/08/27 10:17:28 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{3E426EB7-DA06-46C0-ACA6-288515C88210}
[2012/08/25 15:23:04 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{2EC0C6D7-1030-46D5-8185-698F6D991424}
[2012/08/24 22:01:17 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{75659C52-77FA-452C-AED5-30EB4C60A5D9}
[2012/08/24 10:21:05 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2012/08/24 10:21:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows
[2012/08/24 10:00:34 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{59AE2A81-17B9-400F-B27C-9E553CFB51F6}
[2012/08/23 10:01:44 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{E506D366-44D3-4B57-AF0A-B35B4F76C425}
[2012/08/22 20:42:54 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{F14E26B8-8ADF-4ED1-BA58-2500EEA5759F}
[2012/08/22 10:11:48 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{31700CF1-9944-4574-99C0-918E2106651A}
[2012/08/21 14:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPStream
[2012/08/20 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{6729ABF3-5BA8-44C3-B62A-FC4ED010F6F2}
[2012/08/13 09:57:32 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{57C438A8-546E-4EB0-A5E3-2592B94105F9}
[2012/08/13 09:57:11 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{68BD906A-E5F5-4EF1-8146-F486819A20B6}
[2012/08/12 15:18:37 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{4B3A59F8-D53B-46EE-A3CE-203B1A06B051}
[2012/08/12 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{1E0B16BC-D5D3-4E74-90FA-0D41E806927E}
[2012/08/11 21:38:56 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{7A59877F-0C00-4919-BF8D-1FADF7A93512}
[2012/08/11 21:38:43 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{10442D2B-910E-4BE8-9BAB-D847B1174D27}
[2012/08/11 18:22:34 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{F2AC72C0-094F-47D8-95A8-5AD7BB7922D2}
[2012/08/10 20:28:46 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{14E3FDAA-E7E8-47E5-846E-C20DED3F5437}
[2012/08/10 20:28:20 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{B8C23830-99D6-417B-A5BF-C5A532264467}
[2012/08/10 00:05:38 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{41BE42AC-B3CA-44CD-83E2-44D643B94753}
[2012/08/10 00:04:59 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{F8B6EA29-56A0-47CE-B622-A5F801C1B50A}
[2012/08/09 10:05:06 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{CB42FCB7-DCC7-495B-BC71-CE700ABB4FD3}
[2012/08/09 10:04:41 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{33CE7BAA-21B0-443A-90DA-2D88B6EE69D1}
[2012/08/08 22:04:01 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{46944525-46C5-4D83-822C-04D2B774CA5A}
[2012/08/08 22:03:38 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{A951F826-FEAE-49EF-8BC6-F786334D42BC}
[2012/08/08 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{E24C71D0-A26D-41EA-BEF8-AD44387734AC}
[2012/08/08 10:00:00 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{2008F4C5-A3B8-4266-B7E4-4C7A9A7CAF8D}
[2012/08/07 11:28:26 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Documents\Ding Feng Online Sdn. Bhd. Expenses
[2012/08/07 10:04:12 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{86D812CA-4BCF-494A-AC1F-54AC66C08F56}
[2012/08/07 10:03:57 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{B5B75F53-936B-406B-848E-7A28BB3FE33F}
[2012/08/06 19:45:10 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/08/06 09:55:53 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{1B41E7E8-E78B-415C-88F6-B2EFD8ECECEC}
[2012/08/06 09:55:32 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{C7037975-82CC-4666-8F51-9B1CCEAD4958}
[2012/08/05 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{53697573-42BF-4508-9532-AAAD00FD2780}
[2012/08/05 19:32:08 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{5423C077-9459-499C-A04D-0B56D3F80D0F}
[2012/08/05 01:01:12 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{D39B384D-D044-4E86-AE7A-3DF9263A317B}
[2012/08/05 01:00:58 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{A81C6659-579D-44DF-93FB-D8C561BDE51D}
[2012/08/03 22:35:14 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{1D526AE9-6AE0-447A-9A4D-56B2BA1DA209}
[2012/08/03 22:34:34 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{3CB31B0C-9EAF-46B8-A742-D8BE4D8BEE4E}
[2012/08/03 14:37:06 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\Mobile Campaigns
[2012/08/03 09:56:51 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{B2FD9365-2FD1-4789-B6C4-40B1F10DCC2F}
[2012/08/03 09:56:13 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{99011B57-85B0-487F-961E-66DC20DE2B29}
[2012/08/02 23:26:38 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\Desktop\WAP - Sweepstakes - English
[2012/08/02 21:52:47 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{77596EE1-A471-4D14-9FD7-9455632151B0}
[2012/08/02 21:52:31 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{18D44C6E-FF44-4992-9B11-6A81BDC87F8D}
[2012/08/02 09:51:59 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{55E0A88A-744F-4614-B3ED-A18F0B192706}
[2012/08/02 09:51:22 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{1C45EA2E-1732-4D4E-B36A-A475B9025980}
[2012/08/01 18:59:44 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{587829B2-DB8D-444A-8855-4FFC79B7ACF5}
[2012/08/01 18:59:26 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{8DDDB56F-E4CC-4893-8E9B-A6C78B002DDE}
[2012/07/31 22:28:37 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{C0869E73-AA1E-409D-A754-E0DF99A26E72}
[2012/07/31 22:28:24 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{23DF5E08-9E66-42D1-BBF3-6B064A2C52B6}
[2012/07/31 10:26:59 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{A09AAD2F-BFA9-43B0-977D-A880A801289A}
[2012/07/31 10:26:10 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{BB40EBD5-2EAF-4754-9B4F-5B1F25F717B2}
[2012/07/30 16:21:33 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{02A8F06A-03AD-4E2D-9694-2F3EE006E9D8}
[2012/07/30 16:21:07 | 000,000,000 | ---D | C] -- C:\Users\Wyatt\AppData\Local\{9EE2AA0B-A40A-4263-B181-F2087B380D7B}
[2012/07/30 15:54:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Shadow
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/08/29 12:02:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/29 12:01:56 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 12:01:56 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/29 11:57:00 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415409250-421658165-2567368482-1001UA.job
[2012/08/29 11:52:35 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/29 11:52:29 | 464,711,679 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/29 11:48:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt\Desktop\OTL.exe
[2012/08/29 10:36:19 | 000,000,000 | ---- | M] () -- C:\windows\tasks\wdc.dll
[2012/08/29 10:36:01 | 029,949,449 | ---- | M] () -- C:\ProgramData\CmU4kIPXlQ6g.cpl
[2012/08/29 10:32:26 | 000,193,953 | ---- | M] () -- C:\Users\Wyatt\Desktop\Surge Portal IO 140118 (2012-08-24).pdf
[2012/08/29 01:58:45 | 000,040,549 | ---- | M] () -- C:\Users\Wyatt\Desktop\Server Usage.jpg
[2012/08/29 01:48:56 | 085,337,936 | ---- | M] () -- C:\Users\Wyatt\Desktop\GeoIP-113_20120807.zip
[2012/08/29 01:48:11 | 063,100,819 | ---- | M] () -- C:\Users\Wyatt\Desktop\GeoIP-111_20120821.tar.gz
[2012/08/29 01:34:57 | 002,621,072 | ---- | M] () -- C:\Users\Wyatt\Desktop\stm-mobile-tracker-v1.0.zip
[2012/08/29 01:24:04 | 000,034,533 | ---- | M] () -- C:\Users\Wyatt\Desktop\namecheap-order7026225.pdf
[2012/08/28 22:40:33 | 000,018,216 | ---- | M] () -- C:\Users\Wyatt\Desktop\28 August.pdf
[2012/08/28 20:46:04 | 028,055,177 | ---- | M] () -- C:\ProgramData\OWoE1QVAj.cpl
[2012/08/28 17:59:25 | 000,012,297 | ---- | M] () -- C:\Users\Wyatt\Desktop\Invoice-71233.pdf
[2012/08/28 15:08:55 | 000,783,940 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/28 15:08:55 | 000,655,542 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/28 15:08:55 | 000,122,156 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/27 20:56:23 | 000,000,216 | ---- | M] () -- C:\ProgramData\e264e8fd60264f390a09782012019fad12372fe4
[2012/08/27 19:10:26 | 000,001,456 | ---- | M] () -- C:\Users\Wyatt\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/08/27 13:08:08 | 000,403,456 | ---- | M] () -- C:\ProgramData\6xCC8Jcn.exe
[2012/08/27 13:07:57 | 028,206,113 | ---- | M] (Nrsft) -- C:\ProgramData\39G9JuXb.exe
[2012/08/26 19:57:03 | 000,000,856 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1415409250-421658165-2567368482-1001Core.job
[2012/08/24 11:38:58 | 000,001,034 | ---- | M] () -- C:\Users\Wyatt\Desktop\AIM.lnk
[2012/08/22 10:59:36 | 000,002,413 | ---- | M] () -- C:\Users\Wyatt\Desktop\Google Chrome.lnk
[2012/08/21 15:32:00 | 004,969,960 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/21 14:59:09 | 000,000,706 | ---- | M] () -- C:\Users\Wyatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2012/08/21 14:59:07 | 000,000,678 | ---- | M] () -- C:\Users\Wyatt\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2012/08/21 14:59:07 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2012/08/02 15:12:16 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/08/01 19:16:24 | 000,284,291 | ---- | M] () -- C:\Users\Wyatt\Desktop\DF Online.jpg
[2012/07/30 16:23:49 | 000,000,955 | ---- | M] () -- C:\Users\Wyatt\Desktop\Adobe Shadow.lnk
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/08/29 10:36:19 | 000,000,000 | ---- | C] () -- C:\windows\tasks\wdc.dll
[2012/08/29 10:36:00 | 029,949,449 | ---- | C] () -- C:\ProgramData\CmU4kIPXlQ6g.cpl
[2012/08/29 10:32:26 | 000,193,953 | ---- | C] () -- C:\Users\Wyatt\Desktop\Surge Portal IO 140118 (2012-08-24).pdf
[2012/08/29 01:58:45 | 000,040,549 | ---- | C] () -- C:\Users\Wyatt\Desktop\Server Usage.jpg
[2012/08/29 01:44:40 | 085,337,936 | ---- | C] () -- C:\Users\Wyatt\Desktop\GeoIP-113_20120807.zip
[2012/08/29 01:44:28 | 063,100,819 | ---- | C] () -- C:\Users\Wyatt\Desktop\GeoIP-111_20120821.tar.gz
[2012/08/29 01:34:48 | 002,621,072 | ---- | C] () -- C:\Users\Wyatt\Desktop\stm-mobile-tracker-v1.0.zip
[2012/08/29 01:24:03 | 000,034,533 | ---- | C] () -- C:\Users\Wyatt\Desktop\namecheap-order7026225.pdf
[2012/08/28 22:40:32 | 000,018,216 | ---- | C] () -- C:\Users\Wyatt\Desktop\28 August.pdf
[2012/08/28 20:46:04 | 028,055,177 | ---- | C] () -- C:\ProgramData\OWoE1QVAj.cpl
[2012/08/28 17:59:25 | 000,012,297 | ---- | C] () -- C:\Users\Wyatt\Desktop\Invoice-71233.pdf
[2012/08/27 13:08:36 | 000,000,216 | ---- | C] () -- C:\ProgramData\e264e8fd60264f390a09782012019fad12372fe4
[2012/08/27 13:08:04 | 000,403,456 | ---- | C] () -- C:\ProgramData\6xCC8Jcn.exe
[2012/08/21 14:59:10 | 000,000,666 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PPS 影音.lnk
[2012/08/21 14:59:09 | 000,000,706 | ---- | C] () -- C:\Users\Wyatt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PPS.lnk
[2012/08/21 14:59:07 | 000,000,678 | ---- | C] () -- C:\Users\Wyatt\Application Data\Microsoft\Internet Explorer\Quick Launch\PPS影音.lnk
[2012/08/21 14:59:07 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\PPS影音.lnk
[2012/08/01 19:16:23 | 000,284,291 | ---- | C] () -- C:\Users\Wyatt\Desktop\DF Online.jpg
[2012/07/30 16:23:49 | 000,000,955 | ---- | C] () -- C:\Users\Wyatt\Desktop\Adobe Shadow.lnk
[2012/06/26 22:43:57 | 000,187,432 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2012/06/06 12:15:56 | 000,000,248 | ---- | C] () -- C:\windows\Brpfx04a.ini
[2012/06/06 12:15:56 | 000,000,094 | ---- | C] () -- C:\windows\brpcfx.ini
[2012/06/06 12:15:32 | 000,003,303 | ---- | C] () -- C:\windows\BRPARAM.INI
[2012/06/06 12:13:45 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
[2012/06/06 12:13:41 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
[2012/05/04 17:39:10 | 000,001,456 | ---- | C] () -- C:\Users\Wyatt\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/18 21:41:28 | 000,645,632 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2012/04/18 21:41:28 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2012/02/01 13:52:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 13:52:34 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/01 13:52:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/01 13:52:33 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 13:52:33 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 12:28:00 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/01 12:23:20 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/17 04:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/17 04:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/17 04:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/17 04:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/11/17 04:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/11/17 04:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/17 04:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/17 04:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/11/17 03:25:01 | 000,778,156 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
========== LOP Check ==========
[2012/06/06 12:04:23 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Canon
[2012/07/05 17:25:34 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/07/11 03:09:07 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\com.springbox.mobilizer
[2012/06/02 16:56:22 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\DiskAid
[2012/08/29 11:55:02 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Dropbox
[2012/07/19 13:20:26 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\FileZilla
[2012/04/18 20:36:18 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Fingertapps
[2012/06/27 14:43:54 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\IDT
[2012/06/26 22:41:25 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2012/04/24 19:14:46 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Notepad++
[2012/06/21 21:39:52 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\Orbit
[2012/04/18 21:05:10 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\PCDr
[2012/08/29 11:54:00 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\PPStream
[2012/04/18 21:27:54 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\ProgSense
[2012/05/11 18:05:23 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\SoftGrid Client
[2012/07/16 17:40:59 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/18 21:14:00 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\TP
[2012/08/07 18:09:29 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\TuneUp Software
[2012/07/14 02:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wyatt\AppData\Roaming\WiTopia
[2012/08/09 10:01:39 | 000,032,598 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012/08/29 10:36:19 | 000,000,000 | ---- | M] () -- C:\windows\Tasks\wdc.dll
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2012/07/18 22:50:29 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\@?) -- C:\windows\SysNative\@Ñ
[2012/07/18 22:50:29 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\@?) -- C:\windows\SysNative\@Ñ
< End of report >
Edited by WyffGoaL, 28 August 2012 - 10:30 PM.