Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 19, 2012 10:09 pm

A virus has caused my computer to crash. Running in safe mode, I get a black Desktop screen and most of my icons have disappeared. I have run Malwarebytes Anti-Malware but it has not restored my computer. I have run OTL and aswMBR. I am attaching these reports to this post, although I will have to break it up into several pieces. I am hoping you can help me get rid of this virus. Many thanks.

southernsungal
Novice

Posts: 19
Joined: 2012-01-19
OS: Windows Vista Home Premium
Points: 18093
Likes: 0

Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 19, 2012 10:16 pm

OTL logfile created on: 1/19/2012 11:21:36 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\deborahkha\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 42.27% Memory free
4.23 Gb Paging File | 3.24 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 281.67 Gb Free Space | 60.67% Space Free | Partition Type: NTFS

Computer Name: DEBORAHKHA-PC | User Name: deborahkha | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/19 10:53:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\deborahkha\Downloads\OTL (1).com
PRC - [2011/12/24 17:50:16 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/22 17:18:26 | 001,318,816 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 22:33:12 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/08 12:54:34 | 000,323,245 | ---- | M] () -- C:\Program Files\Git\git-cheetah\git_shell_ext.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LiveUpdate Notice Ex)
SRV - [2011/12/20 00:03:48 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 00:03:12 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/10/18 14:32:30 | 000,150,856 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2011/10/18 14:28:34 | 000,160,608 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011/10/18 14:28:18 | 000,166,288 | ---- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/08/10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/17 15:38:42 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/12/16 13:21:06 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/13 02:39:16 | 000,431,472 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2008/03/21 07:42:00 | 000,204,920 | ---- | M] (SafeNet, Inc) [Auto | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2008/03/21 01:20:10 | 000,327,800 | ---- | M] (SafeNet, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/09/24 19:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/09/19 13:01:12 | 000,077,824 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/02/16 19:40:50 | 000,069,632 | ---- | M] (OLYMPUS IMAGING CORP.) [Auto | Stopped] -- C:\Program Files\Olympus\DeviceDetector\DM1Service.exe -- (DM1Service)
SRV - [2007/01/25 20:47:50 | 000,136,816 | -H-- | M] () [Auto | Stopped] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Stopped] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2004/08/16 18:03:50 | 000,114,786 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)


========== Driver Services (SafeList) ==========

DRV - [2012/01/19 08:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/20 00:03:15 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/12/17 01:52:07 | 000,024,192 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2kp.sys -- (USA19H2KP)
DRV - [2011/12/17 01:52:06 | 000,704,000 | ---- | M] (Keyspan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usa19h2k.sys -- (USA19H)
DRV - [2011/12/17 01:52:04 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2011/12/17 01:52:03 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2011/12/17 01:52:01 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2011/12/17 01:52:00 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2011/12/17 01:51:55 | 000,035,328 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2011/12/17 01:51:52 | 000,088,896 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2011/12/17 01:51:51 | 000,252,416 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2011/12/17 01:51:47 | 000,078,032 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2011/12/17 01:51:23 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2011/12/17 01:51:23 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2011/12/17 01:51:22 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2011/12/17 01:51:15 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2011/12/17 01:51:14 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2011/12/17 01:51:14 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2011/12/17 01:51:11 | 000,023,552 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011/12/17 01:51:06 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/12/17 01:51:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2011/12/17 00:21:10 | 000,014,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\GetSusp.sys -- (GetSusp)
DRV - [2011/10/15 13:16:16 | 000,464,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/10/15 13:16:16 | 000,338,176 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/10/15 13:16:16 | 000,180,816 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/10/15 13:16:16 | 000,165,680 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2011/10/15 13:16:16 | 000,121,256 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/10/15 13:16:16 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/10/15 13:16:16 | 000,064,880 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2011/10/15 13:16:16 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/07/24 17:46:08 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/02/28 14:31:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {f24df03f-d7f1-40b8-a63a-9d2be4908f39} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Maps4PC_0c.com/Plugin: C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsnffpl.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\deborahkha\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/10 06:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com: C:\Program Files\Maps4PC_0c\bar\1.bin [2011/12/28 20:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/19 09:41:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012/01/19 03:39:49 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: MindSpark Toolbar Platform Plugin Stub (Enabled) = C:\Program Files\Maps4PC_0c\bar\1.bin\NP0cStub.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\deborahkha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2001/08/23 01:00:00 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Inbox.com Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111225232200.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Inbox.com Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [CrawlerMail] c:\Program Files\Inbox\CMail.exe (Crawler.com)
O4 - HKCU..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O8 - Extra context menu item: Inbox Search - tbr:iemenu File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} [You must be registered and logged in to see this link.] (Musicnotes Viewer)
O16 - DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} [You must be registered and logged in to see this link.] (WebWatch Class)
O16 - DPF: {89AA55A4-B9E2-430F-BAE3-1436DAB56A4E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} [You must be registered and logged in to see this link.] (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.231.160.10 216.231.160.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CB7A4F3-9A18-4BFA-828B-D5AD2EDD9B90}: DhcpNameServer = 172.16.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63909570-3A01-4129-8C16-7C0245669337}: DhcpNameServer = 216.231.160.10 216.231.160.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Inbox\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk - C:\Program Files\Paltalk Messenger\paltalk.exe - (AVM Software Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: DefragReminder - hkey= - key= - C:\Program Files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe (ConsumerSoft)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
MsConfig - StartUpReg: Maps4PC_0c Browser Plugin Loader - hkey= - key= - File not found
MsConfig - StartUpReg: My Faster PC - hkey= - key= - C:\Program Files\ConsumerSoft\My Faster PC\MFPCHelper.exe (ConsumerSoft)
MsConfig - StartUpReg: NDSTray.exe - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SelectRebates - hkey= - key= - C:\Program Files\SelectRebates\SelectRebates.exe ()
MsConfig - StartUpReg: Symantec PIF AlertEng - hkey= - key= - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TOSCDSPD - hkey= - key= - File not found
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: Messenger - File not found
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SafeBootNet: mfefirek - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices



Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 19, 2012 10:19 pm

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.alf2cd - C:\Windows\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ldadpcm - C:\Windows\System32\LDADP32.acm (SANYO Electric Co., Ltd.)
Drivers32: msacm.rhetorex - rhetorex.acm File not found
Drivers32: msacm.speexacm - C:\Windows\System32\speexw.acm (http://www.speex.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/19 08:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/01/19 08:23:58 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\Desktop\Rescue
[2012/01/19 03:14:14 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/18 18:50:41 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/02 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\Desktop\OLT
[2011/12/28 21:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/12/28 21:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/28 21:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/12/28 18:27:54 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\AppData\Roaming\Malwarebytes
[2011/12/28 18:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/28 18:27:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 18:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 13:39:52 | 000,000,000 | ---D | C] -- C:\Users\deborahkha\AppData\Roaming\RealNetworks
[2011/12/28 06:33:56 | 000,000,000 | -H-D | C] -- C:\Users\deborahkha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2006/10/31 10:08:36 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\Implode.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/19 10:47:41 | 000,001,356 | ---- | M] () -- C:\Users\deborahkha\AppData\Local\d3d9caps.dat
[2012/01/19 08:25:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/19 08:24:43 | 000,001,746 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2012/01/19 08:20:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 03:36:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 03:36:42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 03:19:02 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 03:02:11 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/19 03:02:11 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/19 01:54:03 | 000,000,426 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version2.job
[2012/01/18 18:52:50 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 22:50:57 | 209,790,561 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/12/28 21:49:05 | 000,001,844 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/12/28 21:42:20 | 000,001,844 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/28 21:07:06 | 000,001,106 | ---- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 21:07:06 | 000,001,082 | ---- | M] () -- C:\Users\deborahkha\Desktop\Spybot - Search & Destroy.lnk
[2011/12/28 18:27:23 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 15:48:16 | 000,003,085 | -H-- | M] () -- C:\Users\deborahkha\Desktop\WWT ¦ Mars.lnk
[2011/12/28 15:48:16 | 000,003,085 | -H-- | M] () -- C:\Users\deborahkha\Desktop\WorldWide Telescope.lnk
[2011/12/28 15:48:16 | 000,001,770 | -H-- | M] () -- C:\Users\deborahkha\Desktop\StenoCAT 32.lnk
[2011/12/28 15:48:16 | 000,000,986 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Upgrade to Paltalk Extreme.lnk
[2011/12/28 15:48:16 | 000,000,210 | -H-- | M] () -- C:\Users\deborahkha\Desktop\System Check.lnk
[2011/12/28 15:48:15 | 000,002,252 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Start Stop Universal.lnk
[2011/12/28 15:48:15 | 000,001,956 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Recover My Files.lnk
[2011/12/28 15:48:14 | 000,001,753 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Paltalk Messenger.lnk
[2011/12/28 15:48:13 | 000,001,854 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Get Tech Support.lnk
[2011/12/28 15:48:13 | 000,001,814 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Internet Explorer.lnk
[2011/12/28 15:48:12 | 000,000,156 | -H-- | M] () -- C:\Users\deborahkha\Desktop\From Recycle Bin.lnk
[2011/12/28 12:44:47 | 000,000,646 | -H-- | M] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/27 20:06:13 | 004,998,575 | -H-- | M] () -- C:\Users\deborahkha\Desktop\DSCF3283.JPG
[2011/12/27 20:05:30 | 006,378,152 | -H-- | M] () -- C:\Users\deborahkha\Desktop\DSCF3288.JPG
[2011/12/27 18:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/12/24 08:39:30 | 028,804,642 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Strange-Universe-32k-121511.mp3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 14:13:45 | 000,001,746 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk
[2011/12/28 21:49:05 | 000,001,844 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (2).lnk
[2011/12/28 21:42:20 | 000,001,844 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/12/28 21:07:06 | 000,001,106 | ---- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/12/28 21:07:06 | 000,001,082 | ---- | C] () -- C:\Users\deborahkha\Desktop\Spybot - Search & Destroy.lnk
[2011/12/28 18:27:23 | 000,000,935 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/28 12:44:47 | 000,000,646 | -H-- | C] () -- C:\Users\deborahkha\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/28 06:33:56 | 000,000,210 | -H-- | C] () -- C:\Users\deborahkha\Desktop\System Check.lnk
[2011/10/11 17:29:40 | 000,000,000 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\{BB8826C5-F365-49FB-92A2-E8BF93CD2148}
[2011/10/11 17:28:39 | 000,000,000 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\{4C6A8998-068A-4E34-BD7F-0D0BD5F753E8}
[2010/09/06 09:49:07 | 000,000,116 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009/10/19 16:39:47 | 000,001,356 | ---- | C] () -- C:\Users\deborahkha\AppData\Local\d3d9caps.dat
[2009/10/11 17:16:28 | 000,000,094 | -H-- | C] () -- C:\Windows\brpcfx.ini
[2009/10/11 17:16:27 | 000,000,228 | -H-- | C] () -- C:\Windows\Brpfx04a.ini
[2009/10/11 17:16:27 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd8860dn.dat
[2009/10/11 17:07:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2009/10/11 17:07:31 | 000,000,066 | -H-- | C] () -- C:\Windows\Brfaxrx.ini
[2009/10/11 17:07:29 | 000,000,000 | -H-- | C] () -- C:\Windows\brdfxspd.dat
[2009/10/11 17:07:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/09/16 21:15:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 21:15:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/04 17:56:05 | 000,002,402 | ---- | C] () -- C:\Windows\scedit.ini
[2008/07/27 13:06:12 | 000,000,165 | ---- | C] () -- C:\Windows\Quicken.ini
[2008/07/27 12:48:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/07/05 21:56:11 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/06 09:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\ToDisc.INI
[2008/06/03 20:29:17 | 000,081,920 | R--- | C] () -- C:\Windows\System32\dsp_trc.dll
[2008/04/07 20:10:30 | 000,029,184 | -H-- | C] () -- C:\Users\deborahkha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/27 13:03:36 | 000,000,368 | -H-- | C] () -- C:\Users\deborahkha\AppData\Roaming\wklnhst.dat
[2008/03/26 21:23:03 | 000,000,146 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008/03/26 21:23:03 | 000,000,023 | -H-- | C] () -- C:\Windows\Brownie.ini
[2008/03/26 21:23:03 | 000,000,000 | -H-- | C] () -- C:\Windows\brmx2001.ini
[2008/03/26 21:23:02 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2070N.INI
[2008/03/26 21:23:02 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008/03/26 21:22:55 | 000,000,464 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/26 21:22:55 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2070N.DAT
[2008/03/24 17:54:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DM1USBAPIVB.dll
[2008/03/24 14:13:27 | 000,049,152 | ---- | C] () -- C:\Windows\System32\k19hinst.dll
[2008/03/23 17:05:12 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2008/03/23 17:04:13 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2008/03/23 16:50:55 | 000,128,104 | ---- | C] () -- C:\Windows\System32\drivers\WimFltr.sys
[2008/03/23 16:05:11 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/23 16:05:10 | 000,001,644 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/23 15:40:32 | 000,036,352 | ---- | C] () -- C:\Windows\System32\Sx32w.dll
[2008/03/23 15:19:44 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2007/11/06 17:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/11/06 17:13:22 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/11/06 17:13:22 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/11/06 17:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/11/06 17:13:22 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/11/06 17:13:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/11/06 17:13:22 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/11/06 16:33:45 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/11/06 16:33:45 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/11/06 16:33:44 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/11/06 16:33:44 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/11/06 16:27:21 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/09/13 17:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 17:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 17:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 17:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/12/05 15:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,335,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,502 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,170 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/31 10:08:20 | 000,030,793 | ---- | C] () -- C:\Windows\System32\crtslv.dll
[2006/10/31 10:07:48 | 000,172,102 | ---- | C] () -- C:\Windows\System32\CRAnalyzer.dll
[2006/10/26 17:56:43 | 000,049,152 | ---- | C] () -- C:\Windows\System32\sndcvtlb.dll
[2006/10/26 17:56:29 | 000,348,672 | ---- | C] () -- C:\Windows\System32\HIDWatch.dll
[2006/10/26 17:55:48 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2008/04/05 22:25:51 | 013,413,048 | -H-- | M] () -- C:\Users\deborahkha\Desktop\Google_Earth_BZXV.exe
[2004/06/04 14:46:00 | 002,662,650 | -H-- | M] () -- C:\Users\deborahkha\Desktop\grant-writing-pc-version.exe
[2007/05/09 15:32:20 | 000,094,208 | -H-- | M] (Seagate Services) -- C:\Users\deborahkha\Desktop\msov.exe
[2008/11/04 17:48:46 | 032,646,167 | -H-- | M] () -- C:\Users\deborahkha\Desktop\SC32 Setup.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/09/14 12:42:59 | 000,072,080 | -H-- | M] () -- C:\Users\deborahkha\g2mdlhlpx.exe
[2008/01/18 22:33:34 | 000,163,840 | -H-- | M] (Microsoft Corporation) -- C:\Users\deborahkha\taskmgr.exe

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2007/12/11 07:13:37 | 000,000,000 | ---D | M] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2011/08/13 19:59:33 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2011/11/03 22:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2010/07/09 11:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/10/11 17:10:49 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2008/03/26 21:31:18 | 000,000,000 | ---D | M] -- C:\Program Files\Brownie
[2008/03/25 15:54:11 | 000,000,000 | ---D | M] -- C:\Program Files\Citrix
[2011/11/19 09:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2011/04/05 18:04:14 | 000,000,000 | ---D | M] -- C:\Program Files\ConsumerSoft
[2011/05/16 09:14:49 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2011/12/09 23:28:12 | 000,000,000 | ---D | M] -- C:\Program Files\GetData
[2011/08/23 20:37:37 | 000,000,000 | ---D | M] -- C:\Program Files\Git
[2011/09/26 08:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2008/03/23 16:05:22 | 000,000,000 | ---D | M] -- C:\Program Files\HTH Engineering, Inc
[2011/12/19 13:57:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Inbox
[2010/05/25 11:25:33 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/06 16:22:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/12/15 03:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2007/11/06 17:13:21 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2007/11/06 16:56:59 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2008/04/05 23:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\ItsDeductible2006
[2007/11/06 17:08:04 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/16 20:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\Juniper Networks
[2008/03/24 15:14:39 | 000,000,000 | ---D | M] -- C:\Program Files\Keyspan
[2011/12/20 23:17:27 | 000,000,000 | ---D | M] -- C:\Program Files\LogMeIn
[2007/11/06 16:33:44 | 000,000,000 | ---D | M] -- C:\Program Files\ltmoh
[2011/12/28 18:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/27 12:59:23 | 000,000,000 | ---D | M] -- C:\Program Files\Maps4PC_0c
[2011/08/27 12:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\Maps4PC_0cEI
[2007/11/06 16:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Marvell
[2010/04/25 21:37:30 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010/12/03 06:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/04/27 09:00:46 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee.com
[2006/11/02 06:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/04/09 22:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2011/07/07 20:49:22 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/01/30 18:23:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Research
[2011/10/14 02:37:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/12/15 03:11:16 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/06/25 02:02:45 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/13 02:34:43 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2006/11/02 06:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/06 15:06:17 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/01/14 14:23:49 | 000,000,000 | ---D | M] -- C:\Program Files\Musicnotes
[2008/04/28 23:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\Napster
[2008/05/28 10:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\NCH Swift Sound
[2008/03/23 16:01:42 | 000,000,000 | ---D | M] -- C:\Program Files\NCT
[2010/09/15 00:12:10 | 000,000,000 | ---D | M] -- C:\Program Files\NeatWorks
[2008/05/28 10:55:27 | 000,000,000 | ---D | M] -- C:\Program Files\Netflix
[2011/12/17 00:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Confidential
[2008/03/24 17:50:43 | 000,000,000 | ---D | M] -- C:\Program Files\Olympus
[2011/10/09 18:08:12 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2011/09/20 20:31:14 | 000,000,000 | ---D | M] -- C:\Program Files\Paltalk Messenger
[2009/03/04 23:21:54 | 000,000,000 | ---D | M] -- C:\Program Files\ParetoLogic
[2007/11/06 16:48:22 | 000,000,000 | ---D | M] -- C:\Program Files\Picasa2
[2010/08/07 20:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/07/09 11:15:16 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2011/11/19 09:41:46 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2007/11/06 16:27:19 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2007/12/11 07:29:41 | 000,000,000 | ---D | M] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2006/11/02 06:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/15 00:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2008/11/04 18:01:29 | 000,000,000 | ---D | M] -- C:\Program Files\SafeNet Sentinel
[2011/04/13 03:25:43 | 000,000,000 | -H-D | M] -- C:\Program Files\SelectRebates
[2008/03/24 18:13:42 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2008/03/24 18:11:57 | 000,000,000 | ---D | M] -- C:\Program Files\SonicWALL
[2008/06/03 20:29:16 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2011/12/28 21:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2008/11/04 17:58:36 | 000,000,000 | ---D | M] -- C:\Program Files\StenoCAT 32
[2007/11/06 16:30:50 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2007/12/11 07:37:45 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2007/11/06 16:46:35 | 000,000,000 | ---D | M] -- C:\Program Files\TOSHIBA Games
[2008/05/20 23:01:03 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba Registration
[2011/09/17 21:22:23 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2007/11/06 17:09:41 | 000,000,000 | ---D | M] -- C:\Program Files\Ulead Systems
[2006/11/02 07:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/10/04 12:05:07 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2009/10/04 12:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2009/10/04 12:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009/10/04 12:05:04 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2012/01/19 03:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2007/11/06 17:12:51 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2010/10/15 02:27:59 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 06:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2009/10/04 12:05:01 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2009/11/18 03:22:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
[2009/10/04 12:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar


< MD5 for: AGP440.SYS >
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2011/12/17 01:50:59 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 03:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 00:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 03:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/03/24 16:37:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/03/24 16:37:10 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/03/24 16:37:09 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: DISK.SYS >
[2009/04/11 00:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\drivers\disk.sys
[2009/04/11 00:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys
[2009/04/11 00:32:31 | 000,053,736 | ---- | M] (Microsoft Corporation) MD5=5D4AEFC3386920236A548271F8F1AF6A -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys
[2008/01/18 22:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys
[2008/01/18 22:42:22 | 000,055,352 | ---- | M] (Microsoft Corporation) MD5=64109E623ABD6955C8FB110B592E68B7 -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys
[2006/11/02 03:49:51 | 000,052,840 | ---- | M] (Microsoft Corporation) MD5=841AF4C4D41D3E3B2F244E976B0F7963 -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 03:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 00:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/12/17 01:51:43 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-19 09:14:31

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/26 21:35:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/26 21:35:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 03:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/26 21:35:27 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/05/26 21:35:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/05/26 21:35:28 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2011/10/09 18:07:45 | 000,947,056 | ---- | M] (Opera Software)

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:63238B95
@Alternate Data Stream - 1050 bytes -> C:\Users\deborahkha\Documents\Emailing_ Pensacola Jobs and Florida Jobs from pensacolanewsjournal_com and CareerBuilder.eml:OECustomProperty

< End of report >


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 19, 2012 10:21 pm

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-19 15:48:10
-----------------------------
15:48:10.597 OS Version: Windows 6.0.6002 Service Pack 2
15:48:10.597 Number of processors: 2 586 0xF0D
15:48:10.598 ComputerName: DEBORAHKHA-PC UserName: deborahkha
15:48:13.580 Initialize success
15:48:40.802 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
15:48:40.804 Disk 0 Vendor: WDC_WD5000BEKT-00KA9T0 01.01A01 Size: 476940MB BusType: 3
15:48:40.807 Disk 0 MBR read successfully
15:48:40.809 Disk 0 MBR scan
15:48:40.811 Disk 0 TDL4@MBR code has been found
15:48:40.813 Disk 0 Windows VISTA default MBR code found via API
15:48:40.816 Disk 0 MBR hidden
15:48:40.827 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1506 MB offset 63
15:48:40.830 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 475432 MB offset 3084480
15:48:40.833 Disk 0 MBR [TDL4] **ROOTKIT**
15:48:40.836 Disk 0 trace - called modules:
15:48:40.840 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866c349f]<<
15:48:40.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8618b780]
15:48:40.846 3 CLASSPNP.SYS[83a4e8b3] -> nt!IofCallDriver -> [0x86572a60]
15:48:40.851 \Driver\atapi[0x8658af38] -> IRP_MJ_CREATE -> 0x866c349f
15:48:40.855 Scan finished successfully
15:49:38.478 Disk 0 MBR has been saved successfully to "C:\Users\deborahkha\Desktop\MBR.dat"
15:49:38.483 The log file has been saved successfully to "C:\Users\deborahkha\Desktop\aswMBR.txt"




Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 19, 2012 11:00 pm

OTL Extras logfile created on: 1/1/2012 4:29:47 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\deborahkha\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.65 Gb Available Physical Memory | 32.43% Memory free
4.22 Gb Paging File | 2.24 Gb Available in Paging File | 53.24% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 464.29 Gb Total Space | 281.34 Gb Free Space | 60.60% Space Free | Partition Type: NTFS

Computer Name: DEBORAHKHA-PC | User Name: deborahkha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F939F7-44D4-4816-A069-DA1BA9FA47B5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16D42FE9-AF28-448B-A52B-D1050B2183D6}" = rport=137 | protocol=17 | dir=out | app=system |
"{1EAEAA78-0506-4FAA-B40A-FD9A9CE79E1F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{287B07F8-42CC-4E0A-9FBC-C1F3E01ED276}" = lport=138 | protocol=17 | dir=in | app=system |
"{4D749B46-1E68-443B-9F44-CB3A07988C1C}" = lport=137 | protocol=17 | dir=in | app=system |
"{52E3AB05-4308-4E94-A378-3394C7D49930}" = rport=445 | protocol=6 | dir=out | app=system |
"{650DC0A6-FD2F-4393-A399-375155AC5C9F}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{75779C11-9C49-4286-AF58-2EF465E08E56}" = lport=445 | protocol=6 | dir=in | app=system |
"{89BEDD98-D8D0-4870-BBA1-92B1DDC2E5FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{9561ACBB-73F2-4A92-9F11-BAE5FB8C9290}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBA9D929-FB9F-4098-9080-EACC6FF85104}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2CC86DF-4A39-46D9-BE2D-5BCECC2FDD08}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0073512D-1516-49DE-9728-46104A741BE1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{05BC3B3E-8DB0-472B-88D2-1CDA01816C2B}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{126A62B9-EDE0-4275-91AB-656B6A872AC4}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{17DFA032-C273-4F52-91D1-01B1389EC6D5}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{19CBEAA7-5A9B-42AE-947F-93D1144D1171}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{2226B7CE-6539-4D78-AF86-6D386E25719A}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{224FCE98-3C86-4F15-9D7E-7DC620F800F0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{273E9A97-D4DC-4725-B11D-14AE4AF84254}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{3D83234F-7AB1-42A0-BE93-C0DD87E3357A}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{411AB9AA-0DB3-4E67-932F-FF038BF7A946}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4A78F51D-0318-4A87-A5BA-98CFB55BE696}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{4DCFCB96-D1D1-4F0F-A09D-73557A9DA715}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\ttax.exe |
"{6685AF2B-387B-4E1E-A3EC-CF87F4B4DFCB}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{6818431D-DC33-41E6-B9A8-B5AA32C3E400}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{6D0AF584-81F8-402B-A534-FA35A552C0C3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{72834CC2-9C27-4625-96B7-21701B783213}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{79075B50-753C-4B93-BC33-6C93FE0B7457}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{7DA8D555-B4E5-45C5-9F18-D7047A987742}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
"{84E3F656-398A-4EAE-9ECE-EDCB6EA84FBA}" = protocol=17 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\ttax.exe |
"{8EC0AAE9-DC5D-493E-B70E-E981D689B119}" = protocol=17 | dir=in | app=c:\users\deborahkha\desktop\audioconverter_setup.exe |
"{950CA4BD-7867-431C-B441-FA9088FFC810}" = protocol=6 | dir=in | app=c:\users\deborahkha\desktop\audioconverter_setup.exe |
"{9BFBDF24-1FFB-42C2-86F9-A5F41D72515A}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{BB35F6A5-8F03-4857-8DA1-B319712D15A4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C3CF094E-FE08-4949-BD11-B15EDF703353}" = protocol=6 | dir=in | app=c:\program files\turbotax\home & business 2007\32bit\updatemgr.exe |
"{C6499659-7A8C-4AAA-BB8A-5BAE2EA15392}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{C8C51837-5657-4DEA-8218-BFB3C4DF90F6}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2006\32bit\updatemgr.exe |
"{D157933D-D8DB-487C-B4FA-E4DFF5E71808}" = protocol=6 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{D631E0ED-47C5-498D-8BB1-53624228B976}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D7E87210-7758-42FD-869C-04DC157EC7C1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{DAC70D8B-E19B-4642-8500-51AC91EB42A0}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe |
"{DD4CF3FC-13CE-44CE-916A-0886AFDE091C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E51B6613-A2AA-43BE-9C97-DB88AE6F19D9}" = protocol=17 | dir=in | app=c:\program files\common files\safenet sentinel\sentinel protection server\winnt\spnsrvnt.exe |
"{E588986C-E0ED-4800-9B26-87EB3510BCF7}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{E625C7AB-FBF4-4CDD-B3F5-D869B2B0C578}" = protocol=17 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\ttax.exe |
"{E6A1A58F-D66A-4E93-BDCD-35EA08F986DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA6FB044-92D2-4804-9011-36A0CADA3AD7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECD78F2F-CBB9-4F87-853F-4429DF5DA501}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F34CC1A6-D316-45E9-88BB-5751DB811826}" = protocol=6 | dir=in | app=c:\program files\turbotax\premier 2007\32bit\updatemgr.exe |
"{FB0FC081-60C4-437F-9EAC-0FF5D54ACA0F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FD05791A-6BEC-49C6-95DD-063D89F3D867}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FDCC387F-580B-41BF-9E44-AB7B6FDDAAAB}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{24EC9BDC-BDC8-40B8-8F15-6B8C1EC8CDA9}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{7DE8ABA6-C916-497F-BA46-8286F211D0B8}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=6 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"TCP Query User{A274FCAF-D196-4B97-9331-4225282D0F9C}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{BD57E78B-D3CC-48B4-85A8-83164D97E907}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E51B6BB0-5CAD-4B43-B58B-0FB3A906B006}C:\program files\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{368B424A-D06B-4CE4-82C3-050081E4FCC9}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7323632B-7CC9-40F9-9626-62E6D2328738}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8174DA41-A33B-454C-989F-AEC464CE36C2}C:\program files\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files\paltalk messenger\paltalk.exe |
"UDP Query User{A6A3DF37-E82E-4499-A891-C1774BE14189}C:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe" = protocol=17 | dir=in | app=c:\program files\microsoft research\microsoft worldwide telescope\wwtexplorer.exe |
"UDP Query User{C33DBAA3-2234-4B5C-A06A-D7F9DB9E10E4}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{052A55B1-0182-4551-93CD-2D078A120CAB}" = TurboTax 2008 wnciper
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1B868720-ED88-4531-8892-3A35A76E48FE}" = TurboTax 2010 wfliper
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{2E97DE76-851A-48AA-A0D6-665860FAD9CA}" = Keyspan USB Serial Adapter
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{335424A2-2C4E-49F3-A066-58635269DB83}" = Sentinel Protection Installer 7.4.2
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45F8CDEE-7F2D-4601-B300-EB83DEE8F156}" = TurboTax 2010 wnciper
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F0EAB09-C7C7-401D-9E94-381D69CF5157}" = Brother HL-2070N
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7095FD27-37F0-4750-9DE8-D37DC0043706}" = REALTEK RTL8187B Wireless LAN Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{76E6BBAA-25E6-4BFC-9613-75A5CACE2940}" = Olympus DSS Player
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{890EF3F8-742F-46BD-9E8E-084B3A1F4364}" = QuickBooks Financial Center
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA1B9602-3120-4A28-913B-AAA59A2CEEEB}" = Sony Player Plugin for Windows Media Player
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EDAA13FC-09F8-4375-B0C7-794BF9761104}" = My Faster PC
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CToolbar_UNINSTALL" = Inbox.com Toolbar
"FILE RECOVERY for WindowsNSIS" = FILE RECOVERY for Windows
"Git_is1" = Git version 1.7.6-preview20110708
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{061F7D1F-A74E-4262-A835-AF4DF0F91F02}" = Rosetta Stone 2.1.5.3A
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InSync" = InSync for StenoCAT32
"Juniper Network Connect 6.3.0" = Juniper Networks Network Connect 6.3.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"LDADP32" = SANYO LD-ADPCM Audio CODEC uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Maps4PC_0cbar Uninstall" = Maps4PC
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"MSC" = McAfee Total Protection
"Musicnotes Player_is1" = Musicnotes Player V1.23.2
"NCTAudioConvert ActiveX EXE Server_is1" = NCTAudioConvert ActiveX EXE Server 2.7.3
"Opera 11.51.1087" = Opera 11.51
"PalTalk8.2" = Paltalk Messenger
"Picasa2" = Picasa 2
"RealPlayer 15.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"SelectRebatesUninstall" = ShopAtHome.com Toolbar
"Speex for Windows_is1" = Speex for Windows 1.0.5
"Start Stop Universal Transcription System9.7.7" = Start Stop Universal Transcription System
"StenoCAT 32" = StenoCAT 32
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax 2010" = TurboTax 2010
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2007" = TurboTax Premier 2007
"TurboTax Premier Investments 2006" = TurboTax Premier Investments 2006
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2012 3:39:44 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
exception code 0xc0000005, fault offset 0x00301d71, process id 0x8cc, application
start time 0x01ccc85643c448ef.

Error - 1/1/2012 4:04:22 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x27658a10, process id 0xd08, application start time
0x01ccc858e83cd43f.

Error - 1/1/2012 4:34:04 AM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module MSHTML.dll, version 9.0.8112.16440, time stamp 0x4eb31d5a,
exception code 0xc0000005, fault offset 0x00301d71, process id 0x9cc, application
start time 0x01ccc85c4b422677.

Error - 1/1/2012 12:00:23 PM | Computer Name = deborahkha-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 12:00:24 PM | Computer Name = deborahkha-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 1/1/2012 12:34:35 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x0b8f59b0, process id 0xc88, application start time
0x01ccc8a1605622c5.

Error - 1/1/2012 1:58:59 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x510c7160, process id 0x63c, application start time
0x01ccc8a3b06cf705.

Error - 1/1/2012 2:49:51 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module Flash11e.ocx, version 11.1.102.55, time stamp 0x4eaf89fc,
exception code 0xc0000005, fault offset 0x00666dd4, process id 0xb0c, application
start time 0x01ccc8b068ba42ed.

Error - 1/1/2012 3:00:26 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x07281a18, process id 0x1014, application start time
0x01ccc8b6ed092135.

Error - 1/1/2012 5:51:42 PM | Computer Name = deborahkha-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x09c64b38, process id 0x568, application start time
0x01ccc8ce871a4478.

[ Media Center Events ]
Error - 9/11/2008 3:01:41 PM | Computer Name = deborahkha-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 10/18/2008 9:40:15 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2009 5:29:39 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/3/2009 5:29:03 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/5/2009 9:32:08 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/4/2009 6:32:56 PM | Computer Name = deborahkha-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/29/2011 12:10:22 AM | Computer Name = deborahkha-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.WaitForUploadComplete failed. Please
try to ping [You must be registered and logged in to see this link.] prior to filing a bug.; Win32 GetLastError returned 10000109
Process: DefaultDomain Object Name: Media Center Guide

[ System Events ]
Error - 8/10/2008 5:22:52 PM | Computer Name = deborahkha-PC | Source = Print | ID = 6161
Description = The document Invoice_D89561[1].pdf, owned by deborahkha, failed to
print on printer Brother HL-2070N series (Copy 1). Try to print the document again,
or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
bytes: 1179648. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client computer: \\DEBORAHKHA-PC. Win32 error code
returned by the print processor: 2. The system cannot find the file specified.

Error - 8/11/2008 4:57:00 PM | Computer Name = deborahkha-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 8/11/2008 4:57:00 PM | Computer Name = deborahkha-PC | Source = yukonwlh | ID = 458853
Description = Driver has encountered an internal error

Error - 8/12/2008 10:25:53 AM | Computer Name = deborahkha-PC | Source = HTTP | ID = 15016
Description =

Error - 8/12/2008 10:27:14 AM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/12/2008 10:27:14 AM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/12/2008 1:33:05 PM | Computer Name = deborahkha-PC | Source = HTTP | ID = 15016
Description =

Error - 8/12/2008 1:34:38 PM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/12/2008 1:34:38 PM | Computer Name = deborahkha-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/12/2008 1:49:42 PM | Computer Name = deborahkha-PC | Source = BROWSER | ID = 8032
Description =


< End of report >


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Fri Jan 20, 2012 2:55 pm

After running the programs to get the reports posted here, my icons have been restored to the desktop. However, when I click on the start button, the menu screen has only one item in the left column and one item in the right column. I have not tried to reboot and am still running in safe mode.


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Fri Jan 20, 2012 11:23 pm

Hello, and welcome to GeekPolice.

I'm Houndmom and I will be helping you with your issues.

Please note the following information about the malware forum:


* Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
* From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
* Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
* If you have already asked for help somewhere, please post the link to the topic where you were helped.
* We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:
  * Reply to this topic with the word BUMP, or
  * see [You must be registered and logged in to see this link.]

* Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

I am a student and need to get approval for each step. I appreciate your patience, and will return with the first step.


If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Sat Jan 21, 2012 12:49 pm

Thanks, I'll be waiting. Most of my desktop icons have disappeared again. If I boot up in regular mode, I get the blue screen of death.


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Sat Jan 21, 2012 2:56 pm

Hey, Thanks for waiting!!
Please also post the results from Malwarebytes.

Please read carefully and follow these steps.

  • Download [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of the report here.



Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Sat Jan 21, 2012 4:18 pm

I ran TDSSkiller and it found Rootkit.Boot.Pihar.b and I selected Cure and it asked for a reboot. It booted in normal mode and it did not crash. My icons are still missing as well as the normal choices normally found in the start button menu. How can I get to C:\ from the desktop screen? I could not find the log report from TDSSKiller. I am running Malwarebytes program again and I will post the results when the scan is finished. It might take an hour or so to finish.


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Sat Jan 21, 2012 6:47 pm

09:31:51.0317 3044 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
09:31:51.0910 3044 ============================================================
09:31:51.0910 3044 Current date / time: 2012/01/21 09:31:51.0910
09:31:51.0910 3044 SystemInfo:
09:31:51.0910 3044
09:31:51.0910 3044 OS Version: 6.0.6002 ServicePack: 2.0
09:31:51.0910 3044 Product type: Workstation
09:31:51.0910 3044 ComputerName: DEBORAHKHA-PC
09:31:51.0910 3044 UserName: deborahkha
09:31:51.0910 3044 Windows directory: C:\Windows
09:31:51.0910 3044 System windows directory: C:\Windows
09:31:51.0910 3044 Processor architecture: Intel x86
09:31:51.0910 3044 Number of processors: 2
09:31:51.0910 3044 Page size: 0x1000
09:31:51.0910 3044 Boot type: Safe boot with network
09:31:51.0910 3044 ============================================================
09:31:52.0986 3044 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:31:53.0002 3044 Initialize success
09:31:59.0460 3020 ============================================================
09:31:59.0460 3020 Scan started
09:31:59.0460 3020 Mode: Manual;
09:31:59.0460 3020 ============================================================
09:31:59.0959 3020 5689 - ok
09:32:00.0022 3020 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
09:32:00.0037 3020 ACPI - ok
09:32:00.0115 3020 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
09:32:00.0131 3020 adp94xx - ok
09:32:00.0162 3020 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
09:32:00.0162 3020 adpahci - ok
09:32:00.0193 3020 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
09:32:00.0193 3020 adpu160m - ok
09:32:00.0224 3020 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
09:32:00.0224 3020 adpu320 - ok
09:32:00.0287 3020 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
09:32:00.0302 3020 AFD - ok
09:32:00.0365 3020 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
09:32:00.0396 3020 AgereSoftModem - ok
09:32:00.0443 3020 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
09:32:00.0443 3020 agp440 - ok
09:32:00.0474 3020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
09:32:00.0490 3020 aic78xx - ok
09:32:00.0521 3020 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
09:32:00.0521 3020 aliide - ok
09:32:00.0552 3020 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
09:32:00.0552 3020 amdagp - ok
09:32:00.0568 3020 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
09:32:00.0568 3020 amdide - ok
09:32:00.0599 3020 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
09:32:00.0599 3020 AmdK7 - ok
09:32:00.0614 3020 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
09:32:00.0614 3020 AmdK8 - ok
09:32:00.0677 3020 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
09:32:00.0677 3020 arc - ok
09:32:00.0708 3020 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
09:32:00.0708 3020 arcsas - ok
09:32:00.0739 3020 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
09:32:00.0739 3020 AsyncMac - ok
09:32:00.0786 3020 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
09:32:00.0786 3020 atapi - ok
09:32:00.0833 3020 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
09:32:00.0833 3020 Beep - ok
09:32:00.0848 3020 blbdrive - ok
09:32:00.0926 3020 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
09:32:00.0926 3020 bowser - ok
09:32:00.0958 3020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
09:32:00.0958 3020 BrFiltLo - ok
09:32:00.0989 3020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
09:32:00.0989 3020 BrFiltUp - ok
09:32:01.0020 3020 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\DRIVERS\BrSerId.sys
09:32:01.0020 3020 Brserid - ok
09:32:01.0051 3020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
09:32:01.0051 3020 BrSerWdm - ok
09:32:01.0082 3020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
09:32:01.0098 3020 BrUsbMdm - ok
09:32:01.0129 3020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\DRIVERS\BrUsbSer.sys
09:32:01.0129 3020 BrUsbSer - ok
09:32:01.0145 3020 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
09:32:01.0145 3020 BTHMODEM - ok
09:32:01.0207 3020 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
09:32:01.0207 3020 cdfs - ok
09:32:01.0238 3020 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
09:32:01.0238 3020 cdrom - ok
09:32:01.0332 3020 cfwids (1dcb5209601a70e36c70fe8d197d62cb) C:\Windows\system32\drivers\cfwids.sys
09:32:01.0332 3020 cfwids - ok
09:32:01.0363 3020 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
09:32:01.0363 3020 circlass - ok
09:32:01.0410 3020 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
09:32:01.0410 3020 CLFS - ok
09:32:01.0472 3020 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
09:32:01.0472 3020 CmBatt - ok
09:32:01.0519 3020 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
09:32:01.0519 3020 cmdide - ok
09:32:01.0566 3020 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
09:32:01.0566 3020 Compbatt - ok
09:32:01.0597 3020 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
09:32:01.0597 3020 crcdisk - ok
09:32:01.0644 3020 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
09:32:01.0644 3020 Crusoe - ok
09:32:01.0691 3020 CWMonitor - ok
09:32:01.0738 3020 DfsC (177a2b70e5a258c2d7c4aed2a334fd80) C:\Windows\system32\Drivers\dfsc.sys
09:32:01.0738 3020 DfsC - ok
09:32:01.0800 3020 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
09:32:01.0800 3020 disk - ok
09:32:01.0878 3020 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
09:32:01.0878 3020 drmkaud - ok
09:32:01.0909 3020 dsNcAdpt (4823163c246868863d41a2f5ee06a21e) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
09:32:01.0909 3020 dsNcAdpt - ok
09:32:01.0987 3020 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
09:32:02.0003 3020 DXGKrnl - ok
09:32:02.0034 3020 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
09:32:02.0050 3020 E1G60 - ok
09:32:02.0096 3020 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
09:32:02.0096 3020 Ecache - ok
09:32:02.0143 3020 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
09:32:02.0159 3020 elxstor - ok
09:32:02.0330 3020 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
09:32:02.0330 3020 exfat - ok
09:32:02.0377 3020 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
09:32:02.0377 3020 fastfat - ok
09:32:02.0408 3020 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
09:32:02.0408 3020 fdc - ok
09:32:02.0455 3020 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
09:32:02.0455 3020 FileInfo - ok
09:32:02.0486 3020 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
09:32:02.0486 3020 Filetrace - ok
09:32:02.0518 3020 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
09:32:02.0518 3020 flpydisk - ok
09:32:02.0549 3020 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
09:32:02.0549 3020 FltMgr - ok
09:32:02.0627 3020 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
09:32:02.0627 3020 Fs_Rec - ok
09:32:02.0674 3020 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys
09:32:02.0674 3020 FTDIBUS - ok
09:32:02.0720 3020 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\Windows\system32\drivers\ftser2k.sys
09:32:02.0720 3020 FTSER2K - ok
09:32:02.0752 3020 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
09:32:02.0752 3020 FwLnk - ok
09:32:02.0783 3020 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
09:32:02.0783 3020 gagp30kx - ok
09:32:02.0814 3020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
09:32:02.0814 3020 GEARAspiWDM - ok
09:32:02.0861 3020 GetSusp (e925aadfb1c5d3ef3f6d0fefaa53dfa0) C:\Windows\GetSusp.sys
09:32:02.0861 3020 GetSusp - ok
09:32:02.0954 3020 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
09:32:02.0970 3020 HdAudAddService - ok
09:32:11.0394 3020 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
09:32:11.0425 3020 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
09:32:11.0425 3020 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
09:32:11.0456 3020 Boot (0x1200) (2deaadb837df08f9f6ef4fa555cc3a71) \Device\Harddisk0\DR0\Partition0
09:32:11.0456 3020 \Device\Harddisk0\DR0\Partition0 - ok
09:32:11.0456 3020 ============================================================
09:32:11.0456 3020 Scan finished
09:32:11.0456 3020 ============================================================
09:32:11.0488 3268 Detected object count: 1
09:32:11.0488 3268 Actual detected object count: 1
09:34:32.0652 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
09:34:32.0652 3268 \Device\Harddisk0\DR0 - ok
09:34:32.0652 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
09:34:40.0390 2728 Deinitialize success


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Sat Jan 21, 2012 9:29 pm

Malwarebytes Anti-Malware 1.60.0.1800

Database version: v2011.12.28.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
deborahkha :: DEBORAHKHA-PC [administrator]

1/21/2012 10:00:27 AM
mbam-log-2012-01-21 (10-00-27).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 443648
Time elapsed: 4 hour(s), 17 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Mon Jan 23, 2012 5:19 pm

Although my situation has improved, I still have major problems. I can now boot in regular Windows mode and not crash. My icons for my desktop have not been recovered. My start button menu still has many choices missing, such as Control Panel, etc. I cannot access any of my old Favorites. I get a message that they are probably stored elsewhere. These are just some of the problems that still exist. Can you help me to get fully restored?


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Mon Jan 23, 2012 5:59 pm

It's OK, things are beginning to look better. I am waiting for approval for the next step.
I am also happy you are able to get into normal mode again. We will get you up and running as quickly as possible! :smile2:



Helping fight malware.

houndmom
Leader's Leader

Posts: 1053
Joined: 2010-04-27
Gender: Female
OS: Windows 7 ultimate
Protection: Bitdefender Total Security 2010
Points: 29757
Likes: 0

Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Tue Jan 24, 2012 6:04 pm

Do you have any new instructions for me? I would like to get this cleared up as soon as possible.


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Wed Jan 25, 2012 12:12 am

My icons are still missing as well as the normal choices normally found in the start button menu.
This is okay. We will deal with this after we get the infections cleared up.

Please download ComboFix from [You must be registered and logged in to see this link.]


Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start>Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.




Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Wed Jan 25, 2012 2:16 pm

I have run ComboFix as instructed and it has produced a lot of results. I have gotten my screen color back. I have gotten all my icons back. I have gotten my Accessories back. While ComboFix was running I saw several screens come up saying it had encountered Rootkits. It took a very long time to run and finally it finished and produced the results described above. However, near the end of the run, a screen came up saying it had encountered an unidentified problem and I had to give it permission to continue and try to complete its run. The end result is that I do not have a ComboFix log in my root directory. I am now going to rerun ComboFix to see if I can produce a log. I have determined also that my Favorites are still not available to me, but what I have is a great improvement. I will send the log if I can produce one. Thanks.


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Wed Jan 25, 2012 3:17 pm

ComboFix 12-01-23.02 - deborahkha 01/25/2012 8:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1088 [GMT -6:00]
Running from: c:\users\deborahkha\Desktop\commy.exe
Command switches used :: c:\users\deborahkha\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\SelectRebates\FFToolbar\chrome.manifest
c:\program files\SelectRebates\FFToolbar\chrome\sahtoolbar.jar
c:\program files\SelectRebates\FFToolbar\defaults\preferences\sahtoolbar.js
c:\program files\SelectRebates\FFToolbar\install.rdf
c:\program files\SelectRebates\SahImages\alert.png
c:\program files\SelectRebates\SahImages\check.png
c:\program files\SelectRebates\SahImages\close.png
c:\program files\SelectRebates\SelectAlerts.dat
c:\program files\SelectRebates\SelectRebates.exe
c:\program files\SelectRebates\SelectRebates.ini
c:\program files\SelectRebates\SelectRebatesA.dat
c:\program files\SelectRebates\SelectRebatesApi.exe
c:\program files\SelectRebates\SelectRebatesB.dat
c:\program files\SelectRebates\SelectRebatesBT.dat
c:\program files\SelectRebates\SelectRebatesDownload.exe
c:\program files\SelectRebates\SelectRebatesH.dat
c:\program files\SelectRebates\SelectRebatesUninstall.exe
c:\program files\SelectRebates\SRebates.dll
c:\program files\SelectRebates\SRFF3.dll
c:\program files\SelectRebates\Toolbar\AddtoList.bmp
c:\program files\SelectRebates\Toolbar\basis.xml
c:\program files\SelectRebates\Toolbar\Basis.xml.dym
c:\program files\SelectRebates\Toolbar\Blank.bmp
c:\program files\SelectRebates\Toolbar\CashBack.bmp
c:\program files\SelectRebates\Toolbar\Coupons.bmp
c:\program files\SelectRebates\Toolbar\GroceryCoupon.bmp
c:\program files\SelectRebates\Toolbar\i_magnifying.bmp
c:\program files\SelectRebates\Toolbar\icons.bmp
c:\program files\SelectRebates\Toolbar\ImageCache\alert-red.bmp
c:\program files\SelectRebates\Toolbar\logo.bmp
c:\program files\SelectRebates\Toolbar\logo_24.bmp
c:\program files\SelectRebates\Toolbar\logo_HotSpots.bmp
c:\program files\SelectRebates\Toolbar\ReviewSite.bmp
c:\program files\SelectRebates\Toolbar\RightControls.dym
c:\program files\SelectRebates\Toolbar\sahtb-alert.bmp
c:\program files\SelectRebates\Toolbar\sahtb-go.bmp
c:\program files\SelectRebates\Toolbar\sahtb-grocerycoupons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-icons.bmp
c:\program files\SelectRebates\Toolbar\sahtb-restaurant.bmp
c:\program files\SelectRebates\Toolbar\sahtb-wishlist.bmp
c:\program files\SelectRebates\Toolbar\Scissors.bmp
c:\program files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll
c:\users\deborahkha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
c:\users\deborahkha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\users\deborahkha\Desktop\System Check.lnk
c:\users\deborahkha\g2mdlhlpx.exe
c:\users\deborahkha\Taskmgr.exe
c:\windows\$NtUninstallKB46020$\3232854901\@
c:\windows\$NtUninstallKB46020$\3232854901\bckfg.tmp
c:\windows\$NtUninstallKB46020$\3232854901\cfg.ini
c:\windows\$NtUninstallKB46020$\3232854901\Desktop.ini
c:\windows\$NtUninstallKB46020$\3232854901\keywords
c:\windows\$NtUninstallKB46020$\3232854901\kwrd.dll
c:\windows\$NtUninstallKB46020$\3232854901\L\qnbwvoto
c:\windows\$NtUninstallKB46020$\3232854901\lsflt7.ver
c:\windows\$NtUninstallKB46020$\3232854901\U\00000001.@
c:\windows\$NtUninstallKB46020$\3232854901\U\00000002.@
c:\windows\$NtUninstallKB46020$\3232854901\U\00000004.@
c:\windows\$NtUninstallKB46020$\3232854901\U\80000000.@
c:\windows\$NtUninstallKB46020$\3232854901\U\80000004.@
c:\windows\$NtUninstallKB46020$\3232854901\U\80000032.@
c:\windows\$NtUninstallKB46020$\3399177144
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-25 to 2012-01-25 )))))))))))))))))))))))))))))))
.
.
2012-01-25 14:53 . 2012-01-25 14:53 -------- d-----w- c:\users\deborahkha\AppData\Local\temp
2012-01-25 14:53 . 2012-01-25 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-21 15:51 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-21 15:50 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-21 15:50 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-21 15:50 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-21 15:50 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-21 15:49 . 2012-01-21 15:49 -------- d-----w- c:\users\deborahkha\AppData\Local\Conduit
2012-01-21 15:48 . 2012-01-21 15:51 -------- d-----w- c:\program files\conduit
2012-01-21 15:48 . 2012-01-21 15:49 -------- d-----w- c:\program files\security1
2012-01-21 15:46 . 2012-01-21 15:46 -------- d-----w- c:\program files\System
2012-01-20 18:48 . 2012-01-20 18:48 -------- d-----w- c:\programdata\Common Files
2012-01-20 18:33 . 2012-01-20 18:50 -------- d-----w- c:\programdata\MFAData
2012-01-19 09:14 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-19 09:14 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-19 03:10 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-03 02:33 . 2012-01-03 02:33 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-29 03:06 . 2011-12-29 14:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-12-29 03:06 . 2011-12-29 03:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\users\deborahkha\AppData\Roaming\Malwarebytes
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\programdata\Malwarebytes
2011-12-29 00:27 . 2011-12-29 00:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-12-29 00:27 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-28 19:39 . 2011-12-28 19:39 -------- d-----w- c:\users\deborahkha\AppData\Roaming\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-20 06:03 . 2008-04-02 23:17 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-20 06:03 . 2008-04-02 23:18 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-20 06:03 . 2008-04-02 23:18 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-20 06:03 . 2008-04-02 23:17 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-17 18:42 . 2011-05-27 03:46 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 07:52 . 2011-06-15 23:28 75264 ---ha-w- c:\windows\system32\drivers\dfsc.sys
2011-12-17 07:52 . 2007-01-09 18:00 221696 ----a-w- c:\windows\system32\drivers\yk60x86.sys
2011-12-17 07:52 . 2006-11-02 08:35 11264 ----a-w- c:\windows\system32\drivers\wmiacpi.sys
2011-12-17 07:52 . 2008-03-23 22:50 14072 ----a-w- c:\windows\system32\drivers\vproeventmonitor.sys
2011-12-17 07:52 . 2006-11-02 08:54 19560 ----a-w- c:\windows\system32\drivers\wd.sys
2011-12-17 07:52 . 2006-11-02 08:52 20608 ----a-w- c:\windows\system32\drivers\wacompen.sys
2011-12-17 07:52 . 2006-11-02 07:36 112232 ----a-w- c:\windows\system32\drivers\vsmraid.sys
2011-12-17 07:52 . 2006-11-02 08:51 17512 ----a-w- c:\windows\system32\drivers\viaide.sys
2011-12-17 07:52 . 2008-03-23 22:50 37864 ----a-w- c:\windows\system32\drivers\v2imount.sys
2011-12-17 07:52 . 2006-11-02 08:35 54376 ----a-w- c:\windows\system32\drivers\VIAAGP.SYS
2011-12-17 07:52 . 2006-11-02 08:30 39424 ----a-w- c:\windows\system32\drivers\viac7.sys
2011-12-17 07:52 . 2008-04-04 22:00 35328 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-12-17 07:52 . 2006-11-02 08:55 68608 ----a-w- c:\windows\system32\drivers\usbcir.sys
2011-12-17 07:52 . 2006-11-02 08:55 19456 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-12-17 07:52 . 2008-03-24 20:13 24192 ----a-w- c:\windows\system32\drivers\usa19h2kp.sys
2011-12-17 07:52 . 2008-03-24 20:13 704000 ----a-w- c:\windows\system32\drivers\usa19h2k.sys
2011-12-17 07:52 . 2006-11-02 08:35 58472 ----a-w- c:\windows\system32\drivers\ULIAGPKX.SYS
2011-12-17 07:52 . 2006-11-02 07:36 235112 ----a-w- c:\windows\system32\drivers\uliahci.sys
2011-12-17 07:52 . 2006-11-02 07:36 98408 ----a-w- c:\windows\system32\drivers\ulsata.sys
2011-12-17 07:52 . 2006-11-02 07:36 115816 ----a-w- c:\windows\system32\drivers\ulsata2.sys
2011-12-17 07:52 . 2006-11-02 08:35 56936 ----a-w- c:\windows\system32\drivers\UAGP35.SYS
2011-12-17 07:52 . 2006-10-06 06:22 16768 ----a-w- c:\windows\system32\drivers\TVALZ_O.SYS
2011-12-17 07:52 . 2007-12-11 13:34 285184 ----a-w- c:\windows\system32\drivers\tos_sps32.sys
2011-12-17 07:52 . 2007-01-24 22:44 290304 ----a-w- c:\windows\system32\drivers\tifm21.sys
2011-12-17 07:52 . 2009-09-17 03:15 53224 ---ha-w- c:\windows\system32\drivers\termdd.sys
2011-12-17 07:52 . 2009-09-17 03:14 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2011-12-17 07:52 . 2006-10-18 19:50 16128 ----a-w- c:\windows\system32\drivers\tdcmdpst.sys
2011-12-17 07:51 . 2011-11-09 04:32 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-12-17 07:51 . 2007-08-16 01:03 190384 ----a-w- c:\windows\system32\drivers\SynTP.sys
2011-12-17 07:51 . 2006-11-02 07:36 34920 ----a-w- c:\windows\system32\drivers\sym_u3.sys
2011-12-17 07:51 . 2006-11-02 07:36 31848 ----a-w- c:\windows\system32\drivers\sym_hi.sys
2011-12-17 07:51 . 2008-03-23 22:50 133216 ----a-w- c:\windows\system32\drivers\symsnap.sys
2011-12-17 07:51 . 2008-04-04 22:00 15288 ----a-w- c:\windows\system32\drivers\swenum.sys
2011-12-17 07:51 . 2006-11-02 07:36 35944 ----a-w- c:\windows\system32\drivers\symc8xx.sys
2011-12-17 07:51 . 2007-04-27 13:40 35328 ----a-w- c:\windows\system32\drivers\SNTNLUSB.SYS
2011-12-17 07:51 . 2009-09-17 03:14 66560 ---ha-w- c:\windows\system32\drivers\smb.sys
2011-12-17 07:51 . 2006-11-02 08:35 53352 ----a-w- c:\windows\system32\drivers\SISAGP.SYS
2011-12-17 07:51 . 2006-11-02 07:36 71784 ----a-w- c:\windows\system32\drivers\sisraid4.sys
2011-12-17 07:51 . 2006-11-02 07:36 38504 ----a-w- c:\windows\system32\drivers\sisraid2.sys
2011-12-17 07:51 . 2008-04-04 22:02 9216 ----a-w- c:\windows\system32\drivers\serscan.sys
2011-12-17 07:51 . 2006-11-02 08:51 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2011-12-17 07:51 . 2006-11-02 08:51 12800 ----a-w- c:\windows\system32\drivers\sffp_mmc.sys
2011-12-17 07:51 . 2006-11-02 08:51 13312 ----a-w- c:\windows\system32\drivers\sffdisk.sys
2011-12-17 07:51 . 2008-03-21 13:42 88896 ----a-w- c:\windows\system32\drivers\sentinel.sys
2011-12-17 07:51 . 2006-11-02 08:51 83456 ----a-w- c:\windows\system32\drivers\serial.sys
2011-12-17 07:51 . 2006-11-02 08:51 17920 ----a-w- c:\windows\system32\drivers\serenum.sys
2011-12-17 07:51 . 2006-11-02 06:37 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-12-17 07:51 . 2007-12-11 13:29 252416 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2011-12-17 07:51 . 2006-11-02 08:51 76392 ----a-w- c:\windows\system32\drivers\sbp2port.sys
2011-12-17 07:51 . 2007-11-06 22:27 1771944 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2011-12-17 07:51 . 2006-11-02 09:03 242688 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2011-12-17 07:51 . 2009-09-17 03:15 225280 ---ha-w- c:\windows\system32\drivers\rdbss.sys
2011-12-17 07:51 . 2008-04-02 23:28 78032 ----a-w- c:\windows\system32\drivers\RCFOX.SYS
2011-12-17 07:51 . 2006-11-02 07:36 106088 ----a-w- c:\windows\system32\drivers\ql40xx.sys
2011-12-17 07:51 . 2006-11-02 07:36 900712 ----a-w- c:\windows\system32\drivers\ql2300.sys
2011-12-17 07:51 . 2006-11-02 08:30 38400 ----a-w- c:\windows\system32\drivers\processr.sys
2011-12-17 07:51 . 2006-09-27 21:53 45200 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2011-12-17 07:51 . 2006-11-02 08:51 13416 ----a-w- c:\windows\system32\drivers\pciide.sys
2011-12-17 07:51 . 2006-11-02 08:51 8704 ----a-w- c:\windows\system32\drivers\parvdm.sys
2011-12-17 07:51 . 2006-11-02 08:51 79360 ----a-w- c:\windows\system32\drivers\parport.sys
2011-12-17 07:51 . 2006-11-02 08:35 106600 ----a-w- c:\windows\system32\drivers\NV_AGP.SYS
2011-12-17 07:51 . 2006-11-02 07:36 40040 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-12-17 07:51 . 2009-09-17 03:14 35328 ---ha-w- c:\windows\system32\drivers\npfs.sys
2011-12-17 07:51 . 2006-11-02 07:36 20608 ----a-w- c:\windows\system32\drivers\ntrigdigi.sys
2011-12-17 07:51 . 2006-11-02 07:36 88680 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-12-17 07:51 . 2006-11-02 07:36 45160 ----a-w- c:\windows\system32\drivers\nfrd960.sys
2011-12-17 07:51 . 2009-09-17 03:15 185856 ---ha-w- c:\windows\system32\drivers\netbt.sys
2011-12-17 07:51 . 2008-04-04 22:03 35840 ---ha-w- c:\windows\system32\drivers\netbios.sys
2011-12-17 07:51 . 2006-11-02 08:52 80488 ----a-w- c:\windows\system32\drivers\msdsm.sys
2011-12-17 07:51 . 2009-09-17 03:15 27112 ----a-w- c:\windows\system32\drivers\msahci.sys
2011-12-17 07:51 . 2006-11-02 07:36 33384 ----a-w- c:\windows\system32\drivers\Mraid35x.sys
2011-12-17 07:51 . 2006-11-02 08:52 78952 ----a-w- c:\windows\system32\drivers\mpio.sys
2011-12-17 07:51 . 2006-11-02 07:36 65640 ----a-w- c:\windows\system32\drivers\lsi_scsi.sys
2011-12-17 07:51 . 2006-11-02 07:36 28776 ----a-w- c:\windows\system32\drivers\megasas.sys
2011-12-17 07:51 . 2006-11-02 07:36 65640 ----a-w- c:\windows\system32\drivers\lsi_fc.sys
2011-12-17 07:51 . 2006-11-02 07:36 65640 ----a-w- c:\windows\system32\drivers\lsi_sas.sys
2011-12-17 07:51 . 2007-11-06 20:40 479488 ----a-w- c:\windows\system32\drivers\kr3npxp.sys
2011-12-17 07:51 . 2007-11-06 20:40 211072 ----a-w- c:\windows\system32\drivers\KR10N.sys
2011-12-17 07:51 . 2007-11-06 20:39 219264 ----a-w- c:\windows\system32\drivers\KR10I.sys
2011-12-17 07:51 . 2006-11-02 07:36 35944 ----a-w- c:\windows\system32\drivers\iteraid.sys
2011-12-17 07:51 . 2006-11-02 08:42 65536 ----a-w- c:\windows\system32\drivers\IPMIDrv.sys
2011-12-17 07:51 . 2006-11-02 08:35 47208 ----a-w- c:\windows\system32\drivers\isapnp.sys
2011-12-17 07:51 . 2006-11-02 07:36 35944 ----a-w- c:\windows\system32\drivers\iteatapi.sys
2011-12-17 07:51 . 2008-04-04 22:02 41472 ----a-w- c:\windows\system32\drivers\intelppm.sys
2011-12-17 07:51 . 2008-04-04 22:02 17976 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-12-17 07:51 . 2007-09-13 23:23 1925632 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2011-12-17 07:51 . 2006-11-02 07:36 41576 ----a-w- c:\windows\system32\drivers\iirsp.sys
2011-12-17 07:51 . 2008-04-04 22:01 54784 ---ha-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-17 07:51 . 2006-11-02 07:36 232040 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-12-17 07:51 . 2006-11-02 08:52 16488 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2011-12-17 07:51 . 2006-11-02 08:51 27752 ----a-w- c:\windows\system32\drivers\i2omp.sys
2011-12-17 07:51 . 2006-11-02 07:36 37480 ----a-w- c:\windows\system32\drivers\HpCISSs.sys
2011-12-17 07:51 . 2006-11-02 08:55 29184 ----a-w- c:\windows\system32\drivers\hidbth.sys
2011-12-17 07:51 . 2006-11-02 08:55 21504 ----a-w- c:\windows\system32\drivers\hidir.sys
2011-12-17 07:51 . 2010-07-09 17:19 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2edab3a3-7a05-4add-946c-7222bd62fa88}"= "c:\program files\security1\prxtbsecu.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{2edab3a3-7a05-4add-946c-7222bd62fa88}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2edab3a3-7a05-4add-946c-7222bd62fa88}]
2011-05-09 08:49 176936 ----a-w- c:\program files\security1\prxtbsecu.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2edab3a3-7a05-4add-946c-7222bd62fa88}"= "c:\program files\security1\prxtbsecu.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{2edab3a3-7a05-4add-946c-7222bd62fa88}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2EDAB3A3-7A05-4ADD-946C-7222BD62FA88}"= "c:\program files\security1\prxtbsecu.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{2edab3a3-7a05-4add-946c-7222bd62fa88}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [BU]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"CrawlerMail"="c:\progra~1\inbox\cmail.exe" [2011-12-02 1403904]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2007-08-31 988584]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-11-22 1318816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Svc32"="c:\program files\System\Driver\app.exe" [2012-01-21 30208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-3-24 118784]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2008-3-24 122880]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 17:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
2006-12-18 16:08 622592 ------w- c:\program files\Brother\Brmfcmon\BrMfcWnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2006-07-19 19:51 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DefragReminder]
2011-01-19 23:26 919504 ------w- c:\program files\ConsumerSoft\My Faster PC\My Defragmenter\DefragReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-08-04 02:11 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Maps4PC_0c Browser Plugin Loader]
c:\progra~1\MAPS4P~2\bar\1.bin\0cbrmon.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Faster PC]
2011-04-17 02:43 1456520 ----a-w- c:\program files\ConsumerSoft\My Faster PC\MFPCHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDSTray.exe]
NDSTray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SelectRebates]
c:\program files\SelectRebates\SelectRebates.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
2008-01-29 22:38 583048 ----a-w- c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-11-19 15:38 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
TOSCDSPD.EXE [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 5689;5689;c:\windows\TEMP\5689.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 14:54]
.
2012-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-26 14:54]
.
2012-01-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-21 05:36]
.
2012-01-19 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-21 05:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Inbox Search - tbr:iemenu
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
TCP: DhcpNameServer = 216.231.160.10 216.231.160.2
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - [You must be registered and logged in to see this link.]
DPF: {89AA55A4-B9E2-430F-BAE3-1436DAB56A4E} - [You must be registered and logged in to see this link.]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2012-01-25 08:53
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-25 08:58:06
ComboFix-quarantined-files.txt 2012-01-25 14:58
.
Pre-Run: 321,451,520,000 bytes free
Post-Run: 321,477,476,352 bytes free
.
- - End Of File - - 3FD1E52048E42336D6A56357A1E4E73E


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Wed Jan 25, 2012 3:26 pm

The ComboFix log posted above is from the second run. I still have not found the log from the first run. What do we do next? Thanks for the good help.


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 26, 2012 9:54 pm

bump


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Thu Jan 26, 2012 11:21 pm

There are two malfunctions in my computer programs that may be associated with the viruses that infected my computer. One is that when I click on the RUN icon I get the same screen that I would get if I clicked on the COMPUTER selection. I do not get a dialog box for input. The other problem I have noticed is that when I click on the Favorites icon, I get a screen telling me my Favorites are not available at this location but may be stored elsewhere. Do you have any opinion as to what my problem is? I haven't detected anything else wrong at this point in time. Could it be damaged or corrupted files done by the viruses?


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Thu Jan 26, 2012 11:48 pm

Do you know what this program is?
security1

I am working on the report now. :)


If we have helped you, Please consider helping us,  make a [You must be registered and logged in to see this link.].

Helping fight malware.

houndmom
Leader's Leader

Posts : 1053
Joined : 2010-04-27
Gender : Female
OS : Windows 7 ultimate
Protection : Bitdefender Total Security 2010
Points : 29757
# Likes : 0


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Fri Jan 27, 2012 12:04 am

I know about a program called SecurityCheck but not Security1. Another thing I noticed was as the internet is booting up, I get a screen asking if I want clkpop as my home screen or do I want my regular home screen. Is clkpop an invader? I could not find a program to delete in Control Panel named clkpop.


Re: Virus Infection with Black Desktop Screen

Post by southernsungal on Sat Jan 28, 2012 4:44 am

bump


Re: Virus Infection with Black Desktop Screen

Post by houndmom on Sat Jan 28, 2012 3:52 pm

Hey, I am working with my instructor on the next step. :)



Re: Virus Infection with Black Desktop Screen

Post by houndmom on Tue Jan 31, 2012 7:54 pm

Sorry for the wait.

Run CFScript


  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:



Code:

KILLALL::
File::
    File::
    c:\progra~1\Inbox\ctbr.dll
    c:\program files\SelectRebates\SelectRebates.exe
    Folder::

    Registry::
    [-HKEY_CLASSES_ROOT\clsid\{2edab3a3-7a05-4add-946c-7222bd62fa88}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SelectRebates]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Svc32"=-

    Driver::
    5689




Save the file to your desktop and name it CFScript.txt


Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.





This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

Note: These instructions and script were created specifically for this user. If you are not this user, do NOT follow these instructions or use this script as it could damage the workings of your system.






Re: Virus Infection with Black Desktop Screen

Post by houndmom on Tue Jan 31, 2012 8:06 pm

Sorry I also need for you to upload these files to VirusTotal:

Please upload the following to [You must be registered and logged in to see this link.] and post the results back here:
c:\program files\security1\prxtbsecu.dll
c:\progra~1\inbox\cmail.exe



Re: Virus Infection with Black Desktop Screen

Post by houndmom on Sun Feb 12, 2012 9:10 pm

Hello, do you still need help on your computer?

Have you had a chance to perform the above steps?

