This topic is locked
I believe my Internet Explorer is being hijacked, no matter how I change the homepage URL, it will always redirect to www.hao123.com.
It's really annoying and hopefully someone here could help me out.
Your help will be very much appreciated.
Thanks in advance!
OTL Log:
OTL logfile created on: 3/31/2013 2:39:47 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wyatt.Wyatt-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 3.92 Gb Available Physical Memory | 66.25% Memory free
11.82 Gb Paging File | 9.78 Gb Available in Paging File | 82.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 304.53 Gb Total Space | 258.51 Gb Free Space | 84.89% Space Free | Partition Type: NTFS
Drive E: | 146.48 Gb Total Space | 142.07 Gb Free Space | 96.99% Space Free | Partition Type: NTFS
Computer Name: WYATT-PC | User Name: Wyatt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/31 02:39:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt.Wyatt-PC\Desktop\OTL.exe
PRC - [2013/03/07 21:48:32 | 001,234,544 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe
PRC - [2013/01/28 11:21:00 | 000,081,840 | ---- | M] (Shenzhen QVOD Technology Co.,Ltd) -- C:\Program Files (x86)\QvodPlayer\QvodMon.exe
PRC - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 15:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 15:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 13:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
========== Modules (No Company Name) ==========
MOD - [2013/03/10 23:08:00 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/03/10 23:08:00 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll
MOD - [2013/03/10 22:48:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/03/10 22:47:50 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/03/10 22:47:45 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/03/10 22:47:36 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/03/10 22:47:33 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/03/10 22:47:30 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/03/10 22:47:30 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/03/10 22:47:21 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/04/23 00:13:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll
========== Services (SafeList) ==========
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/09/16 08:41:28 | 001,518,352 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/09/16 08:28:06 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/09/16 08:24:52 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/09/15 23:54:46 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/06/04 02:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/01/25 17:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/30 05:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/14 09:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 18:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/13 16:57:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 22:30:44 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/19 03:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/05/13 13:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe -- (wampapache)
SRV - [2012/04/19 16:02:32 | 008,177,664 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/05/19 15:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 15:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 15:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/06 11:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/06 11:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/19 03:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/11 05:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/10/08 11:42:14 | 000,284,008 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/08/23 22:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 22:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 22:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 14:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/18 16:26:52 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/09/15 23:48:24 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/07/21 06:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/21 06:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/20 08:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/20 05:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/22 05:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/22 05:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/19 15:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 15:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 16:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/11 03:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 13:29:20 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/01/25 17:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/21 01:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/30 05:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/21 11:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/07 07:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/30 08:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 17:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/14 09:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 09:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 09:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 04:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 04:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 04:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 04:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/25 10:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006/11/02 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 09:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..network.proxy.http: "187.185.71.90"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodInsert: C:\Program Files (x86)\QvodPlayer\npQvodInsert.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@qvod.com/QvodShare: C:\Program Files (x86)\QvodPlayer\npShareModule.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\KuaiWanInsert: C:\Program Files (x86)\QvodPlayer\AddIn\KWWebgame\npKWWebGame.dll (Shenzhen QVOD Technology Co.,Ltd)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/11 00:31:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2013/03/10 15:42:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\mozilla\Extensions
[2013/03/10 15:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 22:31:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/07 22:30:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/07 22:30:20 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: MeasureIt! = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aonjhmdcgbgikgjapjckfkefpphjpgma\1.1.3_0\
CHR - Extension: Google Drive = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: PageSpeed Insights (by Google) = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gplegfbjlmmehdoakndmohflojccocli\2.0.2.3_0\
CHR - Extension: PageRank Status = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdkkfheckcdppiaiabobmennhijkknn\7.3.0_0\
CHR - Extension: Eye Dropper = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdcmlfkchdmnmnmheododdhjedfccka\0.2.6_0\
CHR - Extension: Session Manager = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mghenlmbmjcpehccoangkdpagbcbkdpc\3.4.5_0\
CHR - Extension: Google Mail Checker = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Ghostery = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\
CHR - Extension: SEO Global For Google Search\u2122 = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojgmigafbpedhdilmemphfklkbghlphi\5.1_0\
CHR - Extension: Gmail = C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2013/03/13 12:22:37 | 000,000,909 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 p202backup1
O1 - Hosts: 127.0.0.1 p202backup2
O2:64bit: - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D298} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend_x64.dll (Shenzhen QVOD Technology Co.,Ltd)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (QvodExtend) - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files (x86)\QvodPlayer\QvodExtend\5.0.83.0\QvodExtend.dll (Shenzhen QVOD Technology Co.,Ltd)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QvodTerminal] C:\Program Files (x86)\QvodPlayer\QvodTerminal.exe (Shenzhen QVOD Technology Co.,Ltd)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Wunderlist] C:\Users\Wyatt.Wyatt-PC\AppData\Local\Apps\2.0\2TGTCL6G.YC7\GT3KOM2A.7H7\wund..tion_45ec1bcecca77a53_0002.0000_764351e8af09666f\Wunderlist.exe (6 Wunderkinder GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DEFA122-E95D-462F-9299-AD5B16D1B808}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/03/31 02:39:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wyatt.Wyatt-PC\Desktop\OTL.exe
[2013/03/29 21:43:22 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop\New folder
[2013/03/28 12:01:20 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\ElevatedDiagnostics
[2013/03/27 18:53:31 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop\Dragon_City_Mobile_Applift
[2013/03/21 12:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\purevpn
[2013/03/21 12:30:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PureVPN
[2013/03/21 12:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PureVPN
[2013/03/20 15:09:52 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop\Stack Adwords Banners
[2013/03/19 13:15:22 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\FileZilla
[2013/03/19 13:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/03/19 13:15:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/03/19 10:51:02 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop\StackIdeas Facebook
[2013/03/17 21:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/03/17 17:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Baidu
[2013/03/17 17:31:17 | 000,000,000 | ---D | C] -- C:\ProgramData\KuaiWan
[2013/03/17 17:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\QvodPlayer
[2013/03/17 17:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QvodPlayer
[2013/03/14 11:16:34 | 000,000,000 | --SD | C] -- C:\Users\Wyatt.Wyatt-PC\Google Drive
[2013/03/14 11:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/03/13 20:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 20:18:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\com.springbox.mobilizer
[2013/03/13 18:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobilizer
[2013/03/13 12:21:51 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/13 12:21:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2013/03/13 12:21:49 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Notepad++
[2013/03/13 12:21:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2013/03/13 12:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WampServer
[2013/03/13 12:13:57 | 000,000,000 | ---D | C] -- C:\wamp
[2013/03/12 13:37:14 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Macromedia
[2013/03/12 12:46:56 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\6_Wunderkinder_GmbH
[2013/03/12 11:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/12 11:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/11 17:36:11 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop\StackIdeas
[2013/03/11 15:56:45 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\NVIDIA
[2013/03/11 00:33:56 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Apple Computer
[2013/03/11 00:33:55 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Apple Computer
[2013/03/11 00:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/03/11 00:33:50 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2013/03/11 00:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/03/11 00:33:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/03/11 00:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/03/11 00:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/03/11 00:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/03/11 00:32:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/03/11 00:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/03/11 00:31:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/11 00:31:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/03/11 00:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/03/11 00:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/03/11 00:31:05 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Apple
[2013/03/11 00:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/03/11 00:31:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/03/11 00:26:09 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\TechSmith
[2013/03/11 00:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
[2013/03/11 00:25:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TechSmith
[2013/03/11 00:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013/03/11 00:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2013/03/11 00:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/03/10 23:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/10 23:56:01 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/10 23:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/10 23:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/03/10 23:31:17 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2013/03/10 23:31:17 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2013/03/10 21:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/03/10 21:34:46 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\KeePass
[2013/03/10 21:33:28 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\6Wunderkinder
[2013/03/10 21:32:58 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\6 Wunderkinder GmbH
[2013/03/10 21:31:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/03/10 21:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/03/10 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/03/10 21:29:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/03/10 21:28:19 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2013/03/10 21:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/03/10 21:26:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013/03/10 21:25:48 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Microsoft Help
[2013/03/10 21:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/03/10 21:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/03/10 21:25:35 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/03/10 21:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/10 21:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/03/10 21:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2013/03/10 21:10:40 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/10 21:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013/03/10 21:10:35 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\WinRAR
[2013/03/10 21:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013/03/10 21:04:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/03/10 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Adobe
[2013/03/10 21:02:08 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Skype
[2013/03/10 20:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/03/10 20:59:13 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Malwarebytes
[2013/03/10 20:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/10 20:59:00 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Programs
[2013/03/10 20:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/10 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/03/10 20:57:19 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Support Center
[2013/03/10 16:37:16 | 000,000,000 | ---D | C] -- C:\windows\SMINST
[2013/03/10 15:42:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Mozilla
[2013/03/10 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/03/10 15:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/03/10 15:42:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/10 15:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/03/10 15:39:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/03/10 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Google
[2013/03/10 15:38:37 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Apps
[2013/03/10 15:38:35 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Deployment
[2013/03/10 15:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/03/10 15:37:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/03/10 14:05:06 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Downloaded Installations
[2013/03/10 14:01:24 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\PCDr
[2013/03/10 14:00:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PCDr
[2013/03/10 13:45:06 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Nero_AG
[2013/03/10 13:35:32 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Roxio Log Files
[2013/03/10 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Mozilla
[2013/03/10 13:33:08 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Macromedia
[2013/03/10 13:33:07 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Adobe
[2013/03/10 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Fingertapps
[2013/03/10 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Dell
[2013/03/10 13:30:05 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Dell
[2013/03/10 13:29:52 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Intel Corporation
[2013/03/10 13:29:44 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Dell Touch Zone
[2013/03/10 13:29:32 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Roxio
[2013/03/10 13:29:20 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Creative
[2013/03/10 13:28:53 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/03/10 13:28:53 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Searches
[2013/03/10 13:28:53 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/03/10 13:28:53 | 000,000,000 | -H-D | C] -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/03/10 13:28:43 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Identities
[2013/03/10 13:28:40 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Contacts
[2013/03/10 13:28:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/10 13:28:34 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\VirtualStore
[2013/03/10 13:24:18 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Intel
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Temporary Internet Files
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Templates
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Start Menu
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\SendTo
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Recent
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\PrintHood
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\NetHood
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Documents\My Videos
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Documents\My Pictures
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Documents\My Music
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\My Documents
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Local Settings
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\History
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Cookies
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\Application Data
[2013/03/10 13:24:16 | 000,000,000 | -HSD | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Application Data
[2013/03/10 13:24:15 | 000,000,000 | --SD | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Videos
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Saved Games
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Pictures
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Music
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Links
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Favorites
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Downloads
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Documents
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\Desktop
[2013/03/10 13:24:15 | 000,000,000 | R--D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/03/10 13:24:15 | 000,000,000 | -H-D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData
[2013/03/10 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Temp
[2013/03/10 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\SoftThinks
[2013/03/10 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\Roaming
[2013/03/10 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Microsoft
[2013/03/10 13:24:15 | 000,000,000 | ---D | C] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Media Center Programs
========== Files - Modified Within 30 Days ==========
[2013/03/31 02:39:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wyatt.Wyatt-PC\Desktop\OTL.exe
[2013/03/31 01:54:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/31 01:44:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/30 16:40:37 | 000,000,954 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\coreavc.ini
[2013/03/30 15:44:02 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/30 15:29:45 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 15:29:45 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/30 13:41:51 | 000,800,318 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/30 13:41:51 | 000,675,892 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/30 13:41:51 | 000,126,500 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/30 13:37:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/30 13:37:14 | 464,711,679 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/27 18:48:02 | 004,465,753 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Dragon_City_Mobile_Applift.zip
[2013/03/27 12:10:09 | 000,018,746 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\bad_bad_bad.png
[2013/03/27 11:56:13 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/27 11:17:14 | 000,001,456 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/03/21 12:30:51 | 000,001,867 | ---- | M] () -- C:\Users\Public\Desktop\PureVPN.lnk
[2013/03/19 13:15:15 | 000,002,002 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/03/18 19:19:07 | 000,045,084 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample.jpg
[2013/03/18 19:12:15 | 000,071,062 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample2.jpg
[2013/03/18 19:00:37 | 000,051,903 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample3.jpg
[2013/03/15 10:45:29 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/14 18:18:06 | 000,813,816 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/03/14 11:16:34 | 000,001,708 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Google Drive Folder.lnk
[2013/03/13 18:07:03 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Mobilizer.lnk
[2013/03/13 12:21:51 | 000,001,067 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Notepad++.lnk
[2013/03/13 12:15:34 | 000,000,591 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\WampServer.lnk
[2013/03/12 11:31:21 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/03/11 17:48:41 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/11 04:21:07 | 000,108,227 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2013/03/11 04:21:07 | 000,108,227 | ---- | M] () -- C:\windows\SysNative\license.rtf
[2013/03/11 00:33:53 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/11 00:20:20 | 005,037,928 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/03/11 00:15:36 | 000,001,109 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2013/03/10 23:56:05 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 21:32:59 | 000,000,326 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Wunderlist.appref-ms
[2013/03/10 21:11:28 | 000,001,107 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\KeePass 2.lnk
[2013/03/10 20:59:35 | 000,001,971 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Update Checker.lnk
[2013/03/10 15:54:10 | 000,002,281 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/10 15:42:11 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/10 15:36:49 | 000,001,439 | ---- | M] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
========== Files Created - No Company Name ==========
[2013/03/27 18:47:50 | 004,465,753 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Dragon_City_Mobile_Applift.zip
[2013/03/27 12:10:09 | 000,018,746 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\bad_bad_bad.png
[2013/03/21 12:30:51 | 000,001,867 | ---- | C] () -- C:\Users\Public\Desktop\PureVPN.lnk
[2013/03/19 13:15:15 | 000,002,002 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2013/03/18 19:00:37 | 000,051,903 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample3.jpg
[2013/03/18 18:37:33 | 000,071,062 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample2.jpg
[2013/03/17 17:37:02 | 000,000,954 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\coreavc.ini
[2013/03/14 11:16:34 | 000,001,708 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Google Drive Folder.lnk
[2013/03/13 18:07:03 | 000,000,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobilizer.lnk
[2013/03/13 18:07:03 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Mobilizer.lnk
[2013/03/13 12:21:51 | 000,001,067 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Notepad++.lnk
[2013/03/13 12:15:34 | 000,000,591 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\WampServer.lnk
[2013/03/12 13:37:06 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/12 11:31:21 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/03/12 11:31:11 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/11 19:37:20 | 000,045,084 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\DraftExample.jpg
[2013/03/11 19:27:45 | 000,001,456 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/03/11 17:48:41 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/03/11 01:45:45 | 464,711,679 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/11 00:33:53 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/03/11 00:31:04 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/03/11 00:14:16 | 000,001,109 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Adobe Photoshop CS6 (64 Bit).lnk
[2013/03/11 00:10:57 | 000,001,077 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013/03/11 00:09:26 | 000,001,209 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013/03/11 00:07:54 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2013/03/11 00:06:48 | 000,001,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013/03/11 00:00:44 | 000,001,355 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/03/11 00:00:32 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2013/03/10 23:56:04 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/10 22:20:15 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/03/10 22:01:56 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/03/10 21:32:59 | 000,000,326 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Wunderlist.appref-ms
[2013/03/10 21:18:10 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/10 21:11:28 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2013/03/10 21:11:28 | 000,001,107 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\KeePass 2.lnk
[2013/03/10 20:59:35 | 000,002,001 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/03/10 20:59:35 | 000,001,971 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Desktop\Update Checker.lnk
[2013/03/10 20:58:55 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/03/10 15:42:10 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/10 15:42:10 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/03/10 15:40:19 | 000,002,281 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/10 15:40:19 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/03/10 15:39:04 | 000,000,896 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 15:39:02 | 000,000,892 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 15:36:49 | 000,001,439 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/03/10 13:28:58 | 000,001,411 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/03/10 13:28:54 | 000,001,445 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/03/10 13:28:10 | 000,001,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[2013/03/10 13:24:15 | 000,000,290 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/03/10 13:24:15 | 000,000,272 | ---- | C] () -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/02/01 13:52:34 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 13:52:34 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2012/02/01 13:52:34 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/02/01 13:52:33 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/01 13:52:33 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 12:28:00 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2012/02/01 12:23:20 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/11/17 04:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/11/17 04:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/11/17 04:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/11/17 04:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/11/17 04:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011/11/17 04:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/11/17 04:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/11/17 04:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/11/17 03:25:01 | 000,813,816 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009/07/14 12:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\shell32.dll -- [2012/06/09 13:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 12:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\fastprox.dll -- [2009/07/14 09:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 11:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\SysNative\wbem\wbemess.dll -- [2009/07/14 09:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/10 21:33:28 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\6Wunderkinder
[2013/03/13 18:07:05 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\com.springbox.mobilizer
[2013/03/19 13:50:02 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\FileZilla
[2013/03/10 13:30:11 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Fingertapps
[2013/03/29 12:47:12 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\KeePass
[2013/03/13 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\Notepad++
[2013/03/10 14:03:09 | 000,000,000 | ---D | M] -- C:\Users\Wyatt.Wyatt-PC\AppData\Roaming\PCDr
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/03/17 17:31:26 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\快播软件
[2013/03/17 17:31:25 | 000,001,943 | ---- | M] ()(C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
[2013/03/17 17:31:25 | 000,001,943 | ---- | C] ()(C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\??.lnk) -- C:\Users\Wyatt.Wyatt-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\快播.lnk
< End of report >
Sign In
Create Account
