Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

No Internet Access After Getting SVCHost Virus


  • Please log in to reply

#1
tayperk012

tayperk012

    New Member

  • Member
  • Pip
  • 2 posts
So my computers been running fine until a couple weeks ago when it wouldn't connect to the internet. It can find my routers signal but when I try to connect, the router is listed as an "unidentified network" and gets no internet access. I suspect that the virus came from downloading software off the internet but not certain. I have listed logs from MALWARE BYTES ANTI-MALWARE and OTL. I have also listed a tutorial at the bottom that was unsuccessful with removing the virus. PLEASE HELP!

I ran malware bytes anti malware and saw 2 infected files labled SVCHOST.EXE in the windows folder, tried to get rid of them but does nothing. Here is the log I got from malware bytes:



Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tay Perk :: TAYPERK-PC [administrator]

3/20/2012 7:23:50 AM
mbam-log-2012-03-20 (07-23-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 442119
Time elapsed: 59 minute(s), 23 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 6008 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)




I also ran OTL and here is a log with the results:


OTL logfile created on: 3/20/2012 8:28:51 AM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Tay Perk\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.52 Gb Available Physical Memory | 69.13% Memory free
15.96 Gb Paging File | 13.32 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.22 Gb Total Space | 116.01 Gb Free Space | 12.62% Space Free | Partition Type: NTFS
Drive D: | 4.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 446.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive J: | 930.86 Gb Total Space | 2.56 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
Drive K: | 596.17 Gb Total Space | 1.82 Gb Free Space | 0.31% Space Free | Partition Type: NTFS
Drive X: | 12.25 Gb Total Space | 4.72 Gb Free Space | 38.56% Space Free | Partition Type: NTFS

Computer Name: TAYPERK-PC | User Name: Tay Perk | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/20 19:57:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tay Perk\Desktop\OTL.exe
PRC - [2012/01/13 14:53:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/09 17:02:04 | 001,176,064 | ---- | M] (W3i, LLC) -- C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/01/12 07:08:56 | 001,523,360 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
PRC - [2010/11/17 10:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/05/24 20:39:52 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010/03/10 16:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/12/15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/11 04:22:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 06:35:39 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dd56ffc9d534de278c79420dcce058a4\System.Core.ni.dll
MOD - [2011/10/13 06:34:50 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\60c320dbe033e8ff4830cdc059933f2c\IAStorUtil.ni.dll
MOD - [2011/10/13 06:34:50 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll
MOD - [2011/10/13 03:28:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07cdef1a740151932dcf161f3306bd9c\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 03:28:16 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\70e2ca33ffa52c743285dc5b4910a229\PresentationFramework.ni.dll
MOD - [2011/10/13 03:28:08 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 03:28:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 03:28:02 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7c94a121334aeca7553c7f01290740f0\PresentationCore.ni.dll
MOD - [2011/10/13 03:27:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 03:27:53 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 03:27:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 03:27:50 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 03:27:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/01/12 07:08:52 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\zlib1.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 13:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/17 10:35:40 | 001,440,240 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/11/17 10:35:28 | 000,657,904 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\BBEngineAS.dll
MOD - [2009/12/15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/04/14 15:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 15:01:38 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/03/13 12:45:12 | 000,158,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2010/10/07 21:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/17 18:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 11:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/30 13:11:01 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/09/14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/25 11:39:52 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/11 20:50:59 | 000,056,408 | ---- | M] (NCH Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriver64.sys -- (stdriver)
DRV:64bit: - [2011/05/26 18:30:39 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/14 15:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 15:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 15:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 15:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 15:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 15:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/13 12:20:10 | 000,639,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/03/13 12:20:10 | 000,156,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/24 18:46:32 | 000,116,752 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/09/21 22:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/14 07:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/08 07:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/20 18:42:44 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010/05/17 18:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 17:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/09 16:23:28 | 000,018,328 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\inidvd.sys -- (INIDVD)
DRV:64bit: - [2010/04/08 04:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:0.1.2008d
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.9
FF - prefs.js..extensions.enabledItems: [email protected]:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.5
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tay Perk\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tay Perk\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/12/26 21:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3C5F0F00-683D-4847-89C8-E7AF64FD1CFB}: C:\Program Files (x86)\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/06 20:55:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/04/01 14:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Extensions
[2011/04/01 14:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/01/09 17:03:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Firefox\Profiles\o6cigq2o.default\extensions
[2012/02/07 21:34:45 | 000,000,000 | ---D | M] (FreeSoundRecorder Community Toolbar) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Firefox\Profiles\o6cigq2o.default\extensions\{32b29df0-2237-4370-9a29-37cebb730e9b}
[2011/05/28 17:04:43 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Firefox\Profiles\o6cigq2o.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/12/07 20:28:01 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Firefox\Profiles\o6cigq2o.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/12/12 00:53:17 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Tay Perk\AppData\Roaming\Mozilla\Firefox\Profiles\o6cigq2o.default\extensions\{d3f0d092-3351-4a77-ac67-1afa44baef52}
[2011/12/06 19:15:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2011/04/01 14:27:58 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES (X86)\CELTX\EXTENSIONS\[email protected]
[2012/01/06 20:55:04 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/04/14 15:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012/01/06 20:55:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/06 20:55:01 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tay Perk\AppData\Local\Google\Chrome\Application\17.0.963.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tay Perk\AppData\Local\Google\Chrome\Application\17.0.963.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tay Perk\AppData\Local\Google\Chrome\Application\17.0.963.46\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tay Perk\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.2_0\
CHR - Extension: Vuze Remote = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\2.3.1.12_0\
CHR - Extension: Gmail = C:\Users\Tay Perk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111218213032.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20111218213032.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BitLeader)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [InstallIQUpdater] C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe (W3i, LLC)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [wmiEventcdrom] rundll32.exe "C:\Users\Tay Perk\AppData\Local\AcroMobileVdm\wmiEventcdrom.dll",SyncobjLite sysapiLite File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tay Perk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Tay Perk\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF1D988C-4758-4923-A91B-9DACFD097E26}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:12:18 | 000,000,088 | ---- | M] () - G:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2010/04/07 20:11:23 | 000,000,000 | ---D | M] - K:\autorun -- [ NTFS ]
O32 - AutoRun File - [2010/03/03 00:48:02 | 000,000,117 | -H-- | M] () - K:\autorun.bak -- [ NTFS ]
O32 - AutoRun File - [2010/01/29 02:44:48 | 000,000,134 | -H-- | M] () - K:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{5a36dcf6-5c87-11e0-90f3-782bcb934832}\Shell - "" = AutoRun
O33 - MountPoints2\{5a36dcf6-5c87-11e0-90f3-782bcb934832}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/20 08:26:03 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Tay Perk\Documents\mbam--setup-1.60.1.1000.exe
[2012/03/20 08:26:03 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tay Perk\Desktop\OTL.exe
[2012/03/20 07:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/12 06:47:51 | 000,000,000 | ---D | C] -- C:\Users\Tay Perk\Imported Footage
[2012/03/08 05:21:10 | 000,000,000 | ---D | C] -- C:\Users\Tay Perk\MY BEST SHORT FILMS
[2012/02/27 14:29:00 | 000,000,000 | ---D | C] -- C:\Users\Tay Perk\Documents\2-27-12 The Algophobic
[2012/02/27 13:16:14 | 000,000,000 | ---D | C] -- C:\Users\Tay Perk\Documents\2-27-12 Signing Off DVD Export for TX Film Fest
[2012/02/19 19:56:19 | 000,000,000 | ---D | C] -- C:\Users\Tay Perk\Documents\2-19-12 Signing Off Brighter Night and Morning Blu Ray Export
[2011/05/26 18:30:39 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Tay Perk\AppData\Roaming\pcouffin.sys
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tay Perk\Documents\*.tmp files -> C:\Users\Tay Perk\Documents\*.tmp -> ]
[1 C:\Users\Tay Perk\Desktop\*.tmp files -> C:\Users\Tay Perk\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/20 20:01:58 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Tay Perk\Documents\mbam--setup-1.60.1.1000.exe
[2012/03/20 19:57:30 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tay Perk\Desktop\OTL.exe
[2012/03/20 08:27:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/20 08:27:03 | 000,727,246 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/20 08:27:03 | 000,624,384 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/20 08:27:03 | 000,106,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/20 08:23:13 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272765642-382786121-160702507-1001UA.job
[2012/03/20 07:24:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 07:24:05 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/20 07:18:58 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2012/03/20 07:16:48 | 000,000,316 | -HS- | M] () -- C:\Windows\tasks\NNAHVA.job
[2012/03/20 07:16:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/20 07:16:34 | 2133,676,031 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/20 07:07:45 | 000,004,766 | ---- | M] () -- C:\Users\Tay Perk\Documents\Back up HKEY CURRENT CONFIG.reg
[2012/03/20 07:07:24 | 064,456,756 | ---- | M] () -- C:\Users\Tay Perk\Documents\Back up HKEY USERS.reg
[2012/03/20 07:06:56 | 213,821,868 | ---- | M] () -- C:\Users\Tay Perk\Documents\Back up HKEY LOCAL MACHINE.reg
[2012/03/20 07:06:32 | 033,677,348 | ---- | M] () -- C:\Users\Tay Perk\Documents\Back up HKEY CURRENT USER.reg
[2012/03/20 07:06:17 | 063,349,370 | ---- | M] () -- C:\Users\Tay Perk\Documents\Back up HKEY CLASSES ROOT.reg
[2012/03/20 06:47:26 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/20 02:52:04 | 000,450,235 | ---- | M] () -- C:\Users\Tay Perk\Documents\Taylor Perkins Resume for Store Jobs.pdf
[2012/03/20 02:34:14 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/19 17:09:04 | 955,962,129 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/16 09:31:32 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4272765642-382786121-160702507-1001Core.job
[2012/03/15 08:16:04 | 001,814,573 | ---- | M] () -- C:\Users\Tay Perk\Prank War Sketch 3-9 8pm.prproj
[2012/03/09 20:32:05 | 001,600,633 | ---- | M] () -- C:\Users\Tay Perk\Prank War Sketch.prproj
[2012/03/08 06:13:08 | 000,165,466 | ---- | M] () -- C:\Users\Tay Perk\Royal Tennen CC Dave Test GOOD.aep
[2012/03/02 01:54:59 | 000,103,529 | ---- | M] () -- C:\Users\Tay Perk\Prank Sketch CC Test.aep
[2012/02/28 16:04:57 | 001,186,138 | ---- | M] () -- C:\Users\Tay Perk\adams.prproj
[2012/02/28 15:50:55 | 104,982,021 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 010.MOV
[2012/02/28 15:50:45 | 438,275,415 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 013.MOV
[2012/02/28 15:50:45 | 067,413,260 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 014.MOV
[2012/02/28 15:50:45 | 054,709,718 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 012.MOV
[2012/02/28 15:50:44 | 228,656,873 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 011.MOV
[2012/02/28 15:50:44 | 097,670,780 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 007.MOV
[2012/02/28 15:50:44 | 084,167,040 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 008.MOV
[2012/02/28 15:50:44 | 051,746,834 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 006.MOV
[2012/02/28 15:50:44 | 034,431,606 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 005.MOV
[2012/02/28 15:50:44 | 011,886,024 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 004.MOV
[2012/02/28 15:50:44 | 005,617,071 | ---- | M] () -- C:\Users\Tay Perk\Documents\Steph Wedding 009.MOV
[2012/02/27 14:56:20 | 015,097,801 | ---- | M] () -- C:\Users\Tay Perk\Documents\2-27-12 The Algophobic.ncor
[2012/02/27 14:29:23 | 000,143,005 | ---- | M] () -- C:\Users\Tay Perk\2-27-12 The Algophobic New Song CC.xmp
[2012/02/27 14:28:12 | 001,305,410 | ---- | M] () -- C:\Users\Tay Perk\2-27-12 The Algophobic New Song CC.m2v.xmpses
[2012/02/27 14:11:29 | 014,977,765 | ---- | M] () -- C:\Users\Tay Perk\Documents\2-27-12 Signing Off DVD Export for TX Film Fest.ncor
[2012/02/27 13:16:50 | 002,465,874 | ---- | M] () -- C:\Users\Tay Perk\2-25-12 Signing Off Brighter Night and Morning Fixed Audio DVD Export.xmp
[2012/02/25 17:41:51 | 005,941,556 | ---- | M] () -- C:\Users\Tay Perk\2-25-12 Signing Off Brighter Night and Morning Fixed Audio DVD Export.m2v.xmpses
[2012/02/21 13:53:06 | 014,977,825 | ---- | M] () -- C:\Users\Tay Perk\Documents\The Algophobic DVD.ncor
[2012/02/21 12:58:01 | 006,220,854 | ---- | M] () -- C:\Users\Tay Perk\Documents\Acting Class Sketch.Still001.bmp
[2012/02/21 01:48:47 | 014,974,509 | ---- | M] () -- C:\Users\Tay Perk\Documents\2-19-12 Signing Off Brighter Night and Morning Blu Ray Export.ncor
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Tay Perk\Documents\*.tmp files -> C:\Users\Tay Perk\Documents\*.tmp -> ]
[1 C:\Users\Tay Perk\Desktop\*.tmp files -> C:\Users\Tay Perk\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/20 07:07:45 | 000,004,766 | ---- | C] () -- C:\Users\Tay Perk\Documents\Back up HKEY CURRENT CONFIG.reg
[2012/03/20 07:07:22 | 064,456,756 | ---- | C] () -- C:\Users\Tay Perk\Documents\Back up HKEY USERS.reg
[2012/03/20 07:06:46 | 213,821,868 | ---- | C] () -- C:\Users\Tay Perk\Documents\Back up HKEY LOCAL MACHINE.reg
[2012/03/20 07:06:32 | 033,677,348 | ---- | C] () -- C:\Users\Tay Perk\Documents\Back up HKEY CURRENT USER.reg
[2012/03/20 07:06:04 | 063,349,370 | ---- | C] () -- C:\Users\Tay Perk\Documents\Back up HKEY CLASSES ROOT.reg
[2012/03/20 02:52:01 | 000,450,235 | ---- | C] () -- C:\Users\Tay Perk\Documents\Taylor Perkins Resume for Store Jobs.pdf
[2012/03/09 20:48:33 | 001,814,573 | ---- | C] () -- C:\Users\Tay Perk\Prank War Sketch 3-9 8pm.prproj
[2012/03/09 17:00:14 | 000,019,905 | ---- | C] () -- C:\Users\Tay Perk\anonymous.jpg
[2012/03/08 06:09:56 | 000,165,466 | ---- | C] () -- C:\Users\Tay Perk\Royal Tennen CC Dave Test GOOD.aep
[2012/03/02 01:54:59 | 000,103,529 | ---- | C] () -- C:\Users\Tay Perk\Prank Sketch CC Test.aep
[2012/03/02 00:54:42 | 001,600,633 | ---- | C] () -- C:\Users\Tay Perk\Prank War Sketch.prproj
[2012/02/28 15:50:12 | 005,617,071 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 009.MOV
[2012/02/28 15:50:09 | 084,167,040 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 008.MOV
[2012/02/28 15:50:06 | 097,670,780 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 007.MOV
[2012/02/28 15:50:04 | 051,746,834 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 006.MOV
[2012/02/28 15:50:03 | 034,431,606 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 005.MOV
[2012/02/28 15:50:03 | 011,886,024 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 004.MOV
[2012/02/28 15:50:00 | 067,413,260 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 014.MOV
[2012/02/28 15:49:47 | 438,275,415 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 013.MOV
[2012/02/28 15:49:45 | 054,709,718 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 012.MOV
[2012/02/28 15:49:38 | 228,656,873 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 011.MOV
[2012/02/28 15:49:35 | 104,982,021 | ---- | C] () -- C:\Users\Tay Perk\Documents\Steph Wedding 010.MOV
[2012/02/28 15:46:23 | 001,186,138 | ---- | C] () -- C:\Users\Tay Perk\adams.prproj
[2012/02/27 14:29:00 | 015,097,801 | ---- | C] () -- C:\Users\Tay Perk\Documents\2-27-12 The Algophobic.ncor
[2012/02/27 14:28:13 | 000,143,005 | ---- | C] () -- C:\Users\Tay Perk\2-27-12 The Algophobic New Song CC.xmp
[2012/02/27 14:14:19 | 001,305,410 | ---- | C] () -- C:\Users\Tay Perk\2-27-12 The Algophobic New Song CC.m2v.xmpses
[2012/02/27 13:16:14 | 014,977,765 | ---- | C] () -- C:\Users\Tay Perk\Documents\2-27-12 Signing Off DVD Export for TX Film Fest.ncor
[2012/02/25 17:41:56 | 002,465,874 | ---- | C] () -- C:\Users\Tay Perk\2-25-12 Signing Off Brighter Night and Morning Fixed Audio DVD Export.xmp
[2012/02/25 16:31:10 | 005,941,556 | ---- | C] () -- C:\Users\Tay Perk\2-25-12 Signing Off Brighter Night and Morning Fixed Audio DVD Export.m2v.xmpses
[2012/02/21 12:58:01 | 006,220,854 | ---- | C] () -- C:\Users\Tay Perk\Documents\Acting Class Sketch.Still001.bmp
[2012/02/19 19:56:18 | 014,974,509 | ---- | C] () -- C:\Users\Tay Perk\Documents\2-19-12 Signing Off Brighter Night and Morning Blu Ray Export.ncor
[2011/12/30 21:14:30 | 000,002,422 | -HS- | C] () -- C:\Users\Tay Perk\AppData\Local\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/30 21:14:30 | 000,002,422 | -HS- | C] () -- C:\ProgramData\ylq77ep03yp0nyflbufb170445n8baa528q03lwrnt3
[2011/12/28 17:16:43 | 000,011,400 | -HS- | C] () -- C:\Users\Tay Perk\AppData\Local\8vjpf57xjha86a7q6gyxfap861465r070u16dg
[2011/12/28 17:16:43 | 000,011,400 | -HS- | C] () -- C:\ProgramData\8vjpf57xjha86a7q6gyxfap861465r070u16dg
[2011/12/26 21:52:59 | 000,000,342 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011/12/15 23:47:25 | 000,006,476 | -HS- | C] () -- C:\Users\Tay Perk\AppData\Local\3g08vp6i02b052
[2011/12/15 23:47:25 | 000,006,476 | -HS- | C] () -- C:\ProgramData\3g08vp6i02b052
[2011/12/15 16:32:45 | 000,009,412 | -HS- | C] () -- C:\Users\Tay Perk\AppData\Local\122677m6s337x050g433o4kda1a3
[2011/12/15 16:32:45 | 000,009,412 | -HS- | C] () -- C:\ProgramData\122677m6s337x050g433o4kda1a3
[2011/12/06 01:36:18 | 000,010,722 | -HS- | C] () -- C:\Users\Tay Perk\AppData\Local\d6qk87q7oy5hio
[2011/12/06 01:36:18 | 000,010,722 | -HS- | C] () -- C:\ProgramData\d6qk87q7oy5hio
[2011/12/05 22:08:41 | 000,000,132 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\Adobe IllExport Filter CS5 Prefs
[2011/12/05 20:20:20 | 000,000,132 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/18 15:48:13 | 000,001,456 | ---- | C] () -- C:\Users\Tay Perk\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/25 19:01:24 | 000,000,132 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/07/31 13:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/19 14:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 14:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 14:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 14:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 14:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 14:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 14:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 14:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 14:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 14:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/07/14 13:25:14 | 000,010,752 | ---- | C] () -- C:\Users\Tay Perk\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/30 08:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/26 18:33:08 | 000,611,840 | ---- | C] () -- C:\Windows\SysWow64\DVD43.dll
[2011/05/26 18:30:39 | 000,099,384 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\inst.exe
[2011/05/26 18:30:39 | 000,007,859 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\pcouffin.cat
[2011/05/26 18:30:39 | 000,001,167 | ---- | C] () -- C:\Users\Tay Perk\AppData\Roaming\pcouffin.inf
[2011/05/23 02:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/04/20 01:00:52 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/04/18 18:22:22 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/04/18 16:25:22 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/04/12 12:08:34 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/01 15:54:00 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/03/30 14:58:16 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/30 13:11:27 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/03/30 13:11:27 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/03/30 13:11:27 | 000,001,264 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/03/30 13:11:27 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/03/30 13:11:27 | 000,001,247 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/03/03 06:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 06:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 06:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 06:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 06:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 06:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 06:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 06:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 06:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 06:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 06:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 06:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 06:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2010/08/18 14:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini

========== LOP Check ==========

[2011/12/26 22:05:34 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Amazon
[2011/04/20 01:34:01 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\AnvSoft
[2011/05/01 15:35:21 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Audacity
[2012/01/31 20:29:06 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Azureus
[2011/05/23 19:36:53 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Canon
[2011/04/16 18:15:41 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/17 01:05:42 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Digiarty
[2011/08/02 23:43:07 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\DVDVideoSoft
[2011/05/28 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/04/01 14:28:28 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Greyfirst
[2011/06/01 03:14:21 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\ImgBurn
[2011/08/02 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Leawo
[2011/08/02 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Leawo Video2AVI v2
[2011/08/02 20:15:24 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Moyea
[2011/10/18 19:49:45 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\NCH Swift Sound
[2011/04/01 16:58:36 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\PACE Anti-Piracy
[2011/04/11 12:09:39 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\PCDr
[2011/09/11 03:51:21 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Red Kawa
[2011/09/19 19:12:27 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
[2012/03/20 02:52:54 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\SoftGrid Client
[2011/04/03 19:10:57 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/04/12 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\TP
[2011/11/17 00:25:02 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Ulead Systems
[2011/05/26 18:30:44 | 000,000,000 | ---D | M] -- C:\Users\Tay Perk\AppData\Roaming\Vso
[2012/03/20 07:16:48 | 000,000,316 | -HS- | M] () -- C:\Windows\Tasks\NNAHVA.job
[2012/03/20 06:47:26 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012/01/08 05:20:52 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/20 02:34:14 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

========== Purity Check ==========



< End of report >



I found a tutorial on how to manually remove the virus off guidesandtips.blogspot.com called "Technomatic Blog" and tried removing it that way but WAS NOT able to locate any SVCHost File or similar file. Here is the tutorial that it gave me:

Edited by OldTimer, 22 March 2012 - 07:10 AM.
Unauthorized content removed

  • 0

Advertisements


#2
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello tayperk012 and welcome to GeeksToGo :)

My nickname is GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

# Step 1 #

Your OTL log is old. So, I need you to generated a new OTL log.

Run the OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • In Extra Registry, select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    msconfig
    drives
    %SYSTEMDRIVE%\*.*
    %systemdrive%\drivers\*.exe
    %systemroot%\system32\drivers\*.* /90
    %PROGRAMFILES%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U /s
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /rs
    HKLM\SOFTWARE\CLIENTS\Startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


# Step 2 #

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


# Step 3 #

Please download Farbar Service Scanner and run it on the computer.
Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP