Artemis virus infection/black screen

Post by deborahkha on Mon Jan 02, 2012 12:01 am

A few days ago I picked up a virus on my laptop and it crashed my system with the blue screen of death. After starting in Safe Mode and running Malwarebytes Anti-Malware and McAfee several times, I can now do a normal boot up, but all I get is a black Desktop screen and most all my program icons are missing. McAfee said it quarantined the virus Artemis !D456B8509BD7. Please help me recover my Desktop and get completely rid of this virus. I am attaching the OTL logs; however, I had not had a chance to run the aswMBR.exe program. Thanks.

OTL logfile created on: 1/1/2012 4:29:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\deborahkha\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.43% Memory free
4.22 Gb Paging File | 2.24 Gb Available in Paging File | 53.24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 281.34 Gb Free Space | 60.60% Space Free | Partition Type: NTFS

Computer Name: DEBORAHKHA-PC | User Name: deborahkha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/01 16:27:17 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\deborahkha\Downloads\OTL.com
PRC - [2011/12/20 00:03:48 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/12/20 00:03:12 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/12/17 12:42:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/12/02 03:00:28 | 002,603,704 | ---- | M] (Crawler.com) -- C:\Program Files\Inbox\CToolbar.exe
PRC - [2011/12/02 03:00:26 | 001,403,904 | -H-- | M] (Crawler.com) -- c:\Program Files\Inbox\CMail.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2010/12/16 13:21:06 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
PRC - [2008/03/21 07:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2008/03/21 01:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/09/19 13:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/08/15 17:31:50 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2007/08/03 16:09:34 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2007/06/15 23:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/05/22 18:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/04/25 13:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/02/22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
PRC - [2007/01/25 20:47:50 | 000,136,816 | -H-- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 03:09:51 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\520428aab583490165e87a78d9f1d0c1\TCrdMain.ni.exe
MOD - [2011/10/14 03:03:12 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/14 03:01:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/14 02:57:32 | 000,224,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2c472b6ac873a7ff2ebc5bb9eb0f9ce0\PresentationFramework.Classic.ni.dll
MOD - [2011/10/14 02:56:46 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/14 02:55:22 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/14 02:45:20 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/14 02:44:28 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/14 02:44:14 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/14 02:43:22 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2007/09/13 17:11:18 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2006/11/09 20:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 20:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/12/20 00:03:48 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 00:03:12 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/12/16 13:21:06 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/03/21 07:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/03/21 01:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/24 19:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 13:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Running] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/01/25 20:47:50 | 000,136,816 | -H-- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2004/08/16 18:03:50 | 000,114,786 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 00:03:15 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/17 01:52:07 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2kp.sys -- (USA19H2KP)
DRV - [2011/12/17 01:52:06 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2k.sys -- (USA19H)
DRV - [2011/12/17 01:52:04 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2011/12/17 01:52:03 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2011/12/17 01:52:01 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2011/12/17 01:52:00 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2011/12/17 01:51:55 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/12/17 01:51:52 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2011/12/17 01:51:51 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2011/12/17 01:51:47 | 000,078,032 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2011/12/17 01:51:23 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2011/12/17 01:51:23 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2011/12/17 01:51:22 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2011/12/17 01:51:15 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/12/17 01:51:14 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/12/17 01:51:14 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/12/17 01:51:11 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/17 01:51:06 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/12/17 01:51:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2011/12/17 00:21:10 | 000,014,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\GetSusp.sys -- (GetSusp)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/07/24 17:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsnffpl.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\deborahkha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 06:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin [2011/12/28 20:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/19 09:41:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/01 15:50:22 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2001/08/23 01:00:00 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Inbox.com Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111225232200.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox.com Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CrawlerMail] c:\Program Files\Inbox\CMail.exe (Crawler.com)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Inbox Search - tbr:iemenu File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [You must be registered and logged in to see this link.] (Musicnotes Viewer)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} [You must be registered and logged in to see this link.] (WebWatch Class)
O16 - DPF: {89AA55A4-B9E2-430F-BAE3-1436DAB56A4E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.231.160.10 216.231.160.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB7A4F3-9A18-4BFA-828B-D5AD2EDD9B90}: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63909570-3A01-4129-8C16-7C0245669337}: DhcpNameServer = 216.231.160.10 216.231.160.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 15:50:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/12/28 21:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/28 21:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/28 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/28 18:27:54 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\AppData\Roaming\Malwarebytes
[2011/12/28 18:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 18:27:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 13:39:52 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\AppData\Roaming\RealNetworks
[2011/12/28 06:33:56 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2011/12/19 18:23:52 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\Documents\My Received Files
[2011/12/19 13:57:36 | 000,000,000 | RH-D | C] -- C:\Users\deborahkha\Documents\Inbox.com Virtual Storage
[2011/12/19 13:55:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox.com Toolbar
[2011/12/19 13:54:43 | 000,000,000 | -H-D | C] -- C:\Program Files\Inbox
[2011/12/17 01:08:47 | 000,000,000 | -H-D | C] -- C:\smartsolve
[2011/12/17 01:00:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/17 00:45:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/17 00:29:17 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\Desktop\McAfee VR Tools
[2011/12/17 00:21:10 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\GetSusp.sys
[2011/12/17 00:13:21 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\Desktop\mcafee
[2011/12/15 03:14:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 03:14:16 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 03:14:16 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 03:14:15 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/15 03:14:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 03:14:11 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 21:55:59 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 21:55:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 21:55:29 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 21:55:24 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 21:45:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 21:45:23 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/09 23:28:17 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v4
[2011/12/09 23:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
[2011/12/09 23:27:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP
[2011/12/09 22:02:33 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\AppData\Local\LogMeIn Rescue Applet
[2006/10/31 10:08:36 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/01 16:19:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 15:55:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 15:50:57 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/01/01 15:44:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 15:44:46 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 15:44:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 15:43:34 | 2135,326,720 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 22:50:57 | 209,790,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/29 09:00:13 | 000,001,356 | ---- | M] () -- C:\Users\deborahkha\AppData\Local\d3d9caps.dat
[2011/12/29 01:54:04 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2011/12/28 21:49:05 | 000,001,844 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/12/28 21:42:20 | 000,001,844 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/28 21:07:06 | 000,001,106 | ---- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 21:07:06 | 000,001,082 | ---- | M] () -- C:\Users\deborahkha\Desktop\Spybot - Search & Destroy.lnk
[2011/12/28 18:27:23 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:48:16 | 000,003,085 | -H-- | M] () -- C:\Users\deborahkha\Desktop\WWT ¦ Mars.lnk
[2011/12/28 15:48:16 | 000,003,085 | -H-- | M] () -- C:\Users\deborahkha\Desktop\WorldWide Telescope.lnk
[2011/12/28 15:48:16 | 000,001,770 | -H-- | M] () -- C:\Users\deborahkha\Desktop\StenoCAT 32.lnk
[2011/12/28 15:48:16 | 000,000,986 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/12/28 15:48:16 | 000,000,210 | -H-- | M] () -- C:\Users\deborahkha\Desktop\System Check.lnk
[2011/12/28 15:48:15 | 000,002,252 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Start Stop Universal.lnk
[2011/12/28 15:48:15 | 000,001,956 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Recover My Files.lnk
[2011/12/28 15:48:14 | 000,001,753 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Paltalk Messenger.lnk
[2011/12/28 15:48:13 | 000,001,854 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Get Tech Support.lnk
[2011/12/28 15:48:13 | 000,001,814 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Internet Explorer.lnk
[2011/12/28 15:48:12 | 000,000,156 | -H-- | M] () -- C:\Users\deborahkha\Desktop\From Recycle Bin.lnk
[2011/12/28 12:44:47 | 000,000,646 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/27 20:06:13 | 004,998,575 | -H-- | M] () -- C:\Users\deborahkha\Desktop\DSCF3283.JPG
[2011/12/27 20:05:30 | 006,378,152 | -H-- | M] () -- C:\Users\deborahkha\Desktop\DSCF3288.JPG
[2011/12/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/12/24 08:39:30 | 028,804,642 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Strange-Universe-32k-121511.mp3
[2011/12/20 00:03:15 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIRfsClientNP.dll
[2011/12/20 00:03:13 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIinit.dll
[2011/12/20 00:03:13 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\LMIport.dll
[2011/12/17 15:43:04 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/17 15:43:04 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/17 12:42:37 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/12/17 01:52:12 | 000,014,072 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\vproeventmonitor.sys
[2011/12/17 01:52:10 | 000,037,864 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\v2imount.sys
[2011/12/17 01:52:07 | 000,024,192 | ---- | M] (Keyspan) -- C:\Windows\System32\drivers\usa19h2kp.sys
[2011/12/17 01:52:06 | 000,704,000 | ---- | M] (Keyspan) -- C:\Windows\System32\drivers\usa19h2k.sys
[2011/12/17 01:52:04 | 000,016,768 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\TVALZ_O.SYS
[2011/12/17 01:52:03 | 000,285,184 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tos_sps32.sys
[2011/12/17 01:52:01 | 000,290,304 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\tifm21.sys
[2011/12/17 01:52:00 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\drivers\tdcmdpst.sys
[2011/12/17 01:51:57 | 000,133,216 | ---- | M] (StorageCraft) -- C:\Windows\System32\drivers\symsnap.sys
[2011/12/17 01:51:55 | 000,035,328 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\SNTNLUSB.SYS
[2011/12/17 01:51:52 | 000,088,896 | ---- | M] (SafeNet, Inc.) -- C:\Windows\System32\drivers\sentinel.sys
[2011/12/17 01:51:51 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187B.sys
[2011/12/17 01:51:47 | 000,078,032 | ---- | M] (SonicWALL, Inc.) -- C:\Windows\System32\drivers\RCFOX.SYS
[2011/12/17 01:51:23 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\kr3npxp.sys
[2011/12/17 01:51:23 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10N.sys
[2011/12/17 01:51:22 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\drivers\KR10I.sys
[2011/12/17 01:51:15 | 000,007,168 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\FwLnk.sys
[2011/12/17 01:51:14 | 000,072,000 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftser2k.sys
[2011/12/17 01:51:14 | 000,057,536 | ---- | M] (FTDI Ltd.) -- C:\Windows\System32\drivers\ftdibus.sys
[2011/12/17 01:51:12 | 000,039,635 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\System32\drivers\DSXUSB.sys
[2011/12/17 01:51:12 | 000,025,381 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\System32\drivers\DSSUSBF.sys
[2011/12/17 01:51:11 | 000,039,071 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\System32\drivers\DSSUSB1.SYS
[2011/12/17 01:51:11 | 000,033,363 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\Windows\System32\drivers\DSSUSB.SYS
[2011/12/17 01:51:11 | 000,023,552 | ---- | M] (Juniper Networks) -- C:\Windows\System32\drivers\dsNcAdpt.sys
[2011/12/17 01:51:10 | 000,139,604 | ---- | M] (Deterministic Networks, Inc.) -- C:\Windows\System32\drivers\dne2000.sys
[2011/12/17 01:51:10 | 000,027,326 | ---- | M] (OLYMPUS OPTICAL CO.,LTD) -- C:\Windows\System32\drivers\DM_1USB.sys
[2011/12/17 01:51:06 | 000,057,600 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/12/17 01:51:06 | 000,002,560 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys
[2011/12/17 01:51:05 | 000,002,432 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys
[2011/12/17 01:51:00 | 001,161,888 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys
[2011/12/17 00:21:10 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\GetSusp.sys
[2011/12/15 03:34:24 | 000,335,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/10 12:15:29 | 002,531,613 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Natural_Cancer_Treatments.pdf
[2011/12/09 22:16:27 | 033,029,866 | -H-- | M] () -- C:\Users\deborahkha\Desktop\trailerpictures.zip
[2011/12/09 07:14:32 | 014,404,590 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Veritas-Radio-32k-120311.mp3
[2011/12/08 14:00:05 | 004,186,059 | -H-- | M] () -- C:\Users\deborahkha\Desktop\menu Board binder1 pdf.pdf
[2011/12/05 14:18:20 | 001,014,193 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Dine-1-1-info-flyer.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 09:52:37 | 2135,326,720 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/29 14:13:45 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/12/28 21:49:05 | 000,001,844 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/12/28 21:42:20 | 000,001,844 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/28 21:07:06 | 000,001,106 | ---- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 21:07:06 | 000,001,082 | ---- | C] () -- C:\Users\deborahkha\Desktop\Spybot - Search & Destroy.lnk
[2011/12/28 18:27:23 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:44:47 | 000,000,646 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/28 06:33:56 | 000,000,210 | -H-- | C] () -- C:\Users\deborahkha\Desktop\System Check.lnk
[2011/12/16 13:03:24 | 028,804,642 | -H-- | C] () -- C:\Users\deborahkha\Desktop\Strange-Universe-32k-121511.mp3
[2011/12/10 12:15:16 | 002,531,613 | -H-- | C] () -- C:\Users\deborahkha\Desktop\Natural_Cancer_Treatments.pdf
[2011/12/09 23:28:17 | 000,001,956 | -H-- | C] () -- C:\Users\deborahkha\Desktop\Recover My Files.lnk
[2011/12/09 00:31:47 | 014,404,590 | -H-- | C] () -- C:\Users\deborahkha\Desktop\Veritas-Radio-32k-120311.mp3
[2011/12/08 14:00:04 | 004,186,059 | -H-- | C] () -- C:\Users\deborahkha\Desktop\menu Board binder1 pdf.pdf
[2011/12/05 14:18:19 | 001,014,193 | -H-- | C] () -- C:\Users\deborahkha\Desktop\Dine-1-1-info-flyer.jpg
[2011/10/11 17:29:40 | 000,000,000 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\{BB8826C5-F365-49FB-92A2-E8BF93CD2148}
[2011/10/11 17:28:39 | 000,000,000 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\{4C6A8998-068A-4E34-BD7F-0D0BD5F753E8}
[2010/09/06 09:49:07 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/19 16:39:47 | 000,001,356 | ---- | C] () -- C:\Users\deborahkha\AppData\Local\d3d9caps.dat
[2009/10/11 17:16:28 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2009/10/11 17:16:27 | 000,000,228 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2009/10/11 17:16:27 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8860dn.dat
[2009/10/11 17:07:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/10/11 17:07:31 | 000,000,066 | -H-- | C] () -- C:\Windows\Brfaxrx.ini
[2009/10/11 17:07:29 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2009/10/11 17:07:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/09/16 21:15:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 21:15:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/04 17:56:05 | 000,002,402 | ---- | C] () -- C:\Windows\scedit.ini
[2008/07/27 13:06:12 | 000,000,165 | ---- | C] () -- C:\Windows\Quicken.ini
[2008/07/27 12:48:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/05 21:56:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/06 09:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/06/03 20:29:17 | 000,081,920 | R--- | C] () -- C:\Windows\System32\dsp_trc.dll
[2008/04/07 20:10:30 | 000,029,184 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 13:03:36 | 000,000,368 | -H-- | C] () -- C:\Users\deborahkha\AppData\Roaming\wklnhst.dat
[2008/03/26 21:23:03 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/03/26 21:23:03 | 000,000,023 | -H-- | C] () -- C:\Windows\Brownie.ini
[2008/03/26 21:23:03 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2008/03/26 21:23:02 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2070N.INI
[2008/03/26 21:23:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/03/26 21:22:55 | 000,000,464 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/26 21:22:55 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2070N.DAT
[2008/03/24 17:54:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll
[2008/03/24 14:13:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2008/03/23 17:05:12 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008/03/23 17:04:13 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008/03/23 16:50:55 | 000,128,104 | ---- | C] () -- C:\Windows\System32\drivers\WimFltr.sys
[2008/03/23 16:05:11 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/23 16:05:10 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/23 15:40:32 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Sx32w.dll
[2008/03/23 15:19:44 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2007/11/06 17:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 17:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 17:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 17:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 17:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 17:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 17:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 16:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 16:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 16:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 16:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 17:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 17:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 17:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 17:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,335,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/31 10:08:20 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2006/10/31 10:07:48 | 000,172,102 | ---- | C] () -- C:\Windows\System32\CRAnalyzer.dll
[2006/10/26 17:56:43 | 000,049,152 | ---- | C] () -- C:\Windows\System32\sndcvtlb.dll
[2006/10/26 17:56:29 | 000,348,672 | ---- | C] () -- C:\Windows\System32\HIDWatch.dll
[2006/10/26 17:55:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 1050 bytes -> C:\Users\deborahkha\Documents\Emailing_ Pensacola Jobs and Florida Jobs from pensacolanewsjournal_com and CareerBuilder.eml:OECustomProperty

< End of report >




Re: Artemis virus infection/black screen

Post by deborahkha on Mon Jan 02, 2012 12:06 am

Here is the OTL Extras.txt file.

OTL Extras logfile created on: 1/1/2012 4:29:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\deborahkha\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.43% Memory free
4.22 Gb Paging File | 2.24 Gb Available in Paging File | 53.24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 281.34 Gb Free Space | 60.60% Space Free | Partition Type: NTFS

Computer Name: DEBORAHKHA-PC | User Name: deborahkha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F939F7-44D4-4816-A069-DA1BA9FA47B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16D42FE9-AF28-448B-A52B-D1050B2183D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{1EAEAA78-0506-4FAA-B40A-FD9A9CE79E1F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{287B07F8-42CC-4E0A-9FBC-C1F3E01ED276}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D749B46-1E68-443B-9F44-CB3A07988C1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{52E3AB05-4308-4E94-A378-3394C7D49930}" = rport=445 | protocol=6 | dir=out | app=system |
"{650DC0A6-FD2F-4393-A399-375155AC5C9F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{75779C11-9C49-4286-AF58-2EF465E08E56}" = lport=445 | protocol=6 | dir=in | app=system |
"{89BEDD98-D8D0-4870-BBA1-92B1DDC2E5FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{9561ACBB-73F2-4A92-9F11-BAE5FB8C9290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBA9D929-FB9F-4098-9080-EACC6FF85104}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2CC86DF-4A39-46D9-BE2D-5BCECC2FDD08}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073512D-1516-49DE-9728-46104A741BE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05BC3B3E-8DB0-472B-88D2-1CDA01816C2B}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{126A62B9-EDE0-4275-91AB-656B6A872AC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{17DFA032-C273-4F52-91D1-01B1389EC6D5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{19CBEAA7-5A9B-42AE-947F-93D1144D1171}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2226B7CE-6539-4D78-AF86-6D386E25719A}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{224FCE98-3C86-4F15-9D7E-7DC620F800F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{273E9A97-D4DC-4725-B11D-14AE4AF84254}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{3D83234F-7AB1-42A0-BE93-C0DD87E3357A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{411AB9AA-0DB3-4E67-932F-FF038BF7A946}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A78F51D-0318-4A87-A5BA-98CFB55BE696}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{4DCFCB96-D1D1-4F0F-A09D-73557A9DA715}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{6685AF2B-387B-4E1E-A3EC-CF87F4B4DFCB}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{6818431D-DC33-41E6-B9A8-B5AA32C3E400}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{6D0AF584-81F8-402B-A534-FA35A552C0C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72834CC2-9C27-4625-96B7-21701B783213}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{79075B50-753C-4B93-BC33-6C93FE0B7457}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{7DA8D555-B4E5-45C5-9F18-D7047A987742}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
"{84E3F656-398A-4EAE-9ECE-EDCB6EA84FBA}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{8EC0AAE9-DC5D-493E-B70E-E981D689B119}" = protocol=17 | dir=in | app=c:\users\deborahkha\desktop\audioconverter_setup.exe |
"{950CA4BD-7867-431C-B441-FA9088FFC810}" = protocol=6 | dir=in | app=c:\users\deborahkha\desktop\audioconverter_setup.exe |
"{9BFBDF24-1FFB-42C2-86F9-A5F41D72515A}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{BB35F6A5-8F03-4857-8DA1-B319712D15A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3CF094E-FE08-4949-BD11-B15EDF703353}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
"{C6499659-7A8C-4AAA-BB8A-5BAE2EA15392}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{C8C51837-5657-4DEA-8218-BFB3C4DF90F6}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{D157933D-D8DB-487C-B4FA-E4DFF5E71808}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{D631E0ED-47C5-498D-8BB1-53624228B976}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7E87210-7758-42FD-869C-04DC157EC7C1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DAC70D8B-E19B-4642-8500-51AC91EB42A0}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{DD4CF3FC-13CE-44CE-916A-0886AFDE091C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E51B6613-A2AA-43BE-9C97-DB88AE6F19D9}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{E588986C-E0ED-4800-9B26-87EB3510BCF7}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{E625C7AB-FBF4-4CDD-B3F5-D869B2B0C578}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{E6A1A58F-D66A-4E93-BDCD-35EA08F986DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA6FB044-92D2-4804-9011-36A0CADA3AD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECD78F2F-CBB9-4F87-853F-4429DF5DA501}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34CC1A6-D316-45E9-88BB-5751DB811826}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{FB0FC081-60C4-437F-9EAC-0FF5D54ACA0F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD05791A-6BEC-49C6-95DD-063D89F3D867}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FDCC387F-580B-41BF-9E44-AB7B6FDDAAAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{24EC9BDC-BDC8-40B8-8F15-6B8C1EC8CDA9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{7DE8ABA6-C916-497F-BA46-8286F211D0B8}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"TCP Query User{A274FCAF-D196-4B97-9331-4225282D0F9C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{BD57E78B-D3CC-48B4-85A8-83164D97E907}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E51B6BB0-5CAD-4B43-B58B-0FB3A906B006}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{368B424A-D06B-4CE4-82C3-050081E4FCC9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7323632B-7CC9-40F9-9626-62E6D2328738}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8174DA41-A33B-454C-989F-AEC464CE36C2}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{A6A3DF37-E82E-4499-A891-C1774BE14189}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{C33DBAA3-2234-4B5C-A06A-D7F9DB9E10E4}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{052A55B1-0182-4551-93CD-2D078A120CAB}" = TurboTax 2008 wnciper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B868720-ED88-4531-8892-3A35A76E48FE}" = TurboTax 2010 wfliper
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{335424A2-2C4E-49F3-A066-58635269DB83}" = Sentinel Protection Installer 7.4.2
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45F8CDEE-7F2D-4601-B300-EB83DEE8F156}" = TurboTax 2010 wnciper
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F0EAB09-C7C7-401D-9E94-381D69CF5157}" = Brother HL-2070N
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1B9602-3120-4A28-913B-AAA59A2CEEEB}" = Sony Player Plugin for Windows Media Player
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDAA13FC-09F8-4375-B0C7-794BF9761104}" = My Faster PC
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CToolbar_UNINSTALL" = Inbox.com Toolbar
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"Git_is1" = Git version 1.7.6-preview20110708
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InSync" = InSync for StenoCAT32
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LDADP32" = SANYO LD-ADPCM Audio CODEC uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Maps4PC_0cbar Uninstall" = Maps4PC
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSC" = McAfee Total Protection
"Musicnotes Player_is1" = Musicnotes Player V1.23.2
"NCTAudioConvert ActiveX EXE Server_is1" = NCTAudioConvert ActiveX EXE Server 2.7.3
"Opera 11.51.1087" = Opera 11.51
"PalTalk8.2" = Paltalk Messenger
"Picasa2" = Picasa 2
"RealPlayer 15.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Speex for Windows_is1" = Speex for Windows 1.0.5
"Start Stop Universal Transcription System9.7.7" = Start Stop Universal Transcription System
"StenoCAT 32" = StenoCAT 32
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2007" = TurboTax Premier 2007
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 3:39:44 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
exception code 0xc0000005, fault offset 0x00301d71, process id 0x8cc, application
start time 0x01ccc85643c448ef.

Error - 1/1/2012 4:04:22 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x27658a10, process id 0xd08, application start time
0x01ccc858e83cd43f.

Error - 1/1/2012 4:34:04 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
exception code 0xc0000005, fault offset 0x00301d71, process id 0x9cc, application
start time 0x01ccc85c4b422677.

Error - 1/1/2012 12:00:23 PM | Computer Name = deborahkha-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 12:00:24 PM | Computer Name = deborahkha-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 12:34:35 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0b8f59b0, process id 0xc88, application start time
0x01ccc8a1605622c5.

Error - 1/1/2012 1:58:59 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x510c7160, process id 0x63c, application start time
0x01ccc8a3b06cf705.

Error - 1/1/2012 2:49:51 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash11e.ocx, version 11.1.102.55, time stamp 0x4eaf89fc,
exception code 0xc0000005, fault offset 0x00666dd4, process id 0xb0c, application
start time 0x01ccc8b068ba42ed.

Error - 1/1/2012 3:00:26 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x07281a18, process id 0x1014, application start time
0x01ccc8b6ed092135.

Error - 1/1/2012 5:51:42 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x09c64b38, process id 0x568, application start time
0x01ccc8ce871a4478.

[ Media Center Events ]
Error - 9/11/2008 3:01:41 PM | Computer Name = deborahkha-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 10/18/2008 9:40:15 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2009 5:29:39 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2009 5:29:03 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/5/2009 9:32:08 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/4/2009 6:32:56 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/29/2011 12:10:22 AM | Computer Name = deborahkha-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping [You must be registered and logged in to see this link.] prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/10/2008 5:22:52 PM | Computer Name = deborahkha-PC | Source = Print | ID = 6161
Description = The document Invoice_D89561[1].pdf, owned by deborahkha, failed to
print on printer Brother HL-2070N series (Copy 1). Try to print the document again,
or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
bytes: 1179648. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client computer: \\DEBORAHKHA-PC. Win32 error code
returned by the print processor: 2. The system cannot find the file specified.

Error - 8/11/2008 4:57:00 PM | Computer Name = deborahkha-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 8/11/2008 4:57:00 PM | Computer Name = deborahkha-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 8/12/2008 10:25:53 AM | Computer Name = deborahkha-PC | Source = HTTP | ID = 15016
Description =

Error - 8/12/2008 10:27:14 AM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/12/2008 10:27:14 AM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/12/2008 1:33:05 PM | Computer Name = deborahkha-PC | Source = HTTP | ID = 15016
Description =

Error - 8/12/2008 1:34:38 PM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/12/2008 1:34:38 PM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/12/2008 1:49:42 PM | Computer Name = deborahkha-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

deborahkha
Beginner
Posts : 3
Joined : 2012-01-01
OS : windows vista home premium


Re: Artemis virus infection/black screen

Post by deborahkha on Mon Jan 02, 2012 12:17 am

After running the OTL file, I have recovered my Desktop icons; however, the Desktop screen is still black. Also, when I click the Start button, the menu screen has many missing items.


Re: Artemis virus infection/black screen

Post by Belahzur on Tue Jan 03, 2012 12:46 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
