Kimberly13 Posted September 1, 2010 Author ID:307962 Share Posted September 1, 2010 2010/09/01 12:08:14.0338 TDSS rootkit removing tool 2.4.1.4 Aug 31 2010 16:55:252010/09/01 12:08:14.0338 ================================================================================2010/09/01 12:08:14.0338 SystemInfo:2010/09/01 12:08:14.0338 2010/09/01 12:08:14.0338 OS Version: 6.1.7600 ServicePack: 0.02010/09/01 12:08:14.0338 Product type: Workstation2010/09/01 12:08:14.0338 ComputerName: KIMBERLY-PC2010/09/01 12:08:14.0338 UserName: Kimberly2010/09/01 12:08:14.0338 Windows directory: C:\windows2010/09/01 12:08:14.0338 System windows directory: C:\windows2010/09/01 12:08:14.0338 Running under WOW642010/09/01 12:08:14.0338 Processor architecture: Intel x642010/09/01 12:08:14.0338 Number of processors: 42010/09/01 12:08:14.0338 Page size: 0x10002010/09/01 12:08:14.0338 Boot type: Normal boot2010/09/01 12:08:14.0338 ================================================================================2010/09/01 12:08:14.0338 Utility is running under WOW64, functionality is limited.2010/09/01 12:08:15.0040 Initialize success2010/09/01 12:08:16.0241 ================================================================================2010/09/01 12:08:16.0241 Scan started2010/09/01 12:08:16.0241 Mode: Manual;2010/09/01 12:08:16.0241 ================================================================================2010/09/01 12:08:16.0709 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys2010/09/01 12:08:16.0756 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys2010/09/01 12:08:16.0819 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys2010/09/01 12:08:16.0865 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys2010/09/01 12:08:16.0912 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys2010/09/01 12:08:16.0959 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys2010/09/01 12:08:17.0053 AFD (b9384e03479d2506bc924c16a3db87bc) C:\windows\system32\drivers\afd.sys2010/09/01 12:08:17.0115 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys2010/09/01 12:08:17.0177 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys2010/09/01 12:08:17.0224 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys2010/09/01 12:08:17.0287 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys2010/09/01 12:08:17.0318 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys2010/09/01 12:08:17.0365 amdsata (7a4b413614c055935567cf88a9734d38) C:\windows\system32\DRIVERS\amdsata.sys2010/09/01 12:08:17.0411 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys2010/09/01 12:08:17.0458 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\windows\system32\DRIVERS\amdxata.sys2010/09/01 12:08:17.0567 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys2010/09/01 12:08:17.0677 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys2010/09/01 12:08:17.0723 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys2010/09/01 12:08:17.0770 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys2010/09/01 12:08:18.0878 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys2010/09/01 12:08:18.0972 athr (cca705cdf038d5bc243203ce4416b345) C:\windows\system32\DRIVERS\athrx.sys2010/09/01 12:08:19.0174 avgntflt (ed2b23707f19ccc1b2a4382b05d31481) C:\windows\system32\DRIVERS\avgntflt.sys2010/09/01 12:08:19.0221 avipbb (c98fa6e5ad0e857d22716bd2b8b1f399) C:\windows\system32\DRIVERS\avipbb.sys2010/09/01 12:08:19.0330 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys2010/09/01 12:08:19.0393 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys2010/09/01 12:08:19.0471 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys2010/09/01 12:08:19.0596 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys2010/09/01 12:08:19.0658 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys2010/09/01 12:08:19.0720 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys2010/09/01 12:08:19.0783 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys2010/09/01 12:08:19.0845 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys2010/09/01 12:08:19.0892 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys2010/09/01 12:08:19.0923 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys2010/09/01 12:08:19.0954 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys2010/09/01 12:08:20.0001 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys2010/09/01 12:08:20.0095 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys2010/09/01 12:08:20.0142 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys2010/09/01 12:08:20.0220 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys2010/09/01 12:08:20.0282 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys2010/09/01 12:08:20.0407 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys2010/09/01 12:08:20.0454 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys2010/09/01 12:08:20.0500 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys2010/09/01 12:08:20.0563 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys2010/09/01 12:08:20.0625 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys2010/09/01 12:08:20.0703 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys2010/09/01 12:08:20.0828 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys2010/09/01 12:08:20.0906 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys2010/09/01 12:08:20.0968 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys2010/09/01 12:08:21.0249 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys2010/09/01 12:08:21.0358 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys2010/09/01 12:08:21.0546 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys2010/09/01 12:08:21.0795 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys2010/09/01 12:08:21.0842 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys2010/09/01 12:08:21.0967 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys2010/09/01 12:08:22.0014 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys2010/09/01 12:08:22.0060 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys2010/09/01 12:08:22.0170 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys2010/09/01 12:08:22.0201 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys2010/09/01 12:08:22.0263 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys2010/09/01 12:08:22.0310 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys2010/09/01 12:08:22.0404 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys2010/09/01 12:08:22.0482 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\windows\system32\DRIVERS\fssfltr.sys2010/09/01 12:08:22.0575 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys2010/09/01 12:08:22.0638 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys2010/09/01 12:08:22.0700 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys2010/09/01 12:08:22.0778 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys2010/09/01 12:08:22.0918 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys2010/09/01 12:08:22.0981 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys2010/09/01 12:08:23.0043 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys2010/09/01 12:08:23.0106 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys2010/09/01 12:08:23.0137 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys2010/09/01 12:08:23.0199 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys2010/09/01 12:08:23.0262 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys2010/09/01 12:08:23.0386 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys2010/09/01 12:08:23.0480 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys2010/09/01 12:08:23.0542 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys2010/09/01 12:08:23.0589 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys2010/09/01 12:08:23.0667 iaStor (abbf174cb394f5c437410a788b7e404a) C:\windows\system32\DRIVERS\iaStor.sys2010/09/01 12:08:23.0745 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys2010/09/01 12:08:23.0964 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys2010/09/01 12:08:24.0166 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys2010/09/01 12:08:24.0369 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys2010/09/01 12:08:24.0478 IntcAzAudAddService (0adf714079ae174a39d69036143e4c50) C:\windows\system32\drivers\RTKVHD64.sys2010/09/01 12:08:24.0572 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys2010/09/01 12:08:24.0619 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys2010/09/01 12:08:24.0712 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys2010/09/01 12:08:24.0837 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys2010/09/01 12:08:24.0946 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys2010/09/01 12:08:25.0056 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys2010/09/01 12:08:25.0134 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys2010/09/01 12:08:25.0196 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys2010/09/01 12:08:25.0243 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys2010/09/01 12:08:25.0336 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys2010/09/01 12:08:25.0430 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys2010/09/01 12:08:25.0477 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys2010/09/01 12:08:25.0524 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys2010/09/01 12:08:25.0648 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys2010/09/01 12:08:25.0758 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys2010/09/01 12:08:25.0820 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys2010/09/01 12:08:25.0867 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys2010/09/01 12:08:25.0914 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys2010/09/01 12:08:25.0992 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys2010/09/01 12:08:26.0070 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys2010/09/01 12:08:26.0148 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys2010/09/01 12:08:26.0210 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys2010/09/01 12:08:26.0272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys2010/09/01 12:08:26.0350 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys2010/09/01 12:08:26.0397 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys2010/09/01 12:08:26.0444 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys2010/09/01 12:08:26.0491 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys2010/09/01 12:08:26.0553 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys2010/09/01 12:08:26.0631 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys2010/09/01 12:08:26.0725 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys2010/09/01 12:08:26.0772 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys2010/09/01 12:08:26.0818 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys2010/09/01 12:08:26.0896 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys2010/09/01 12:08:26.0959 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys2010/09/01 12:08:27.0068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys2010/09/01 12:08:27.0099 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys2010/09/01 12:08:27.0146 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys2010/09/01 12:08:27.0208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys2010/09/01 12:08:27.0255 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys2010/09/01 12:08:27.0286 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys2010/09/01 12:08:27.0364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys2010/09/01 12:08:27.0442 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys2010/09/01 12:08:27.0458 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys2010/09/01 12:08:27.0505 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys2010/09/01 12:08:27.0552 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys2010/09/01 12:08:27.0661 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys2010/09/01 12:08:27.0739 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys2010/09/01 12:08:27.0801 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys2010/09/01 12:08:27.0879 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys2010/09/01 12:08:27.0942 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys2010/09/01 12:08:28.0004 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys2010/09/01 12:08:28.0082 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys2010/09/01 12:08:28.0160 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys2010/09/01 12:08:28.0222 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys2010/09/01 12:08:28.0332 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys2010/09/01 12:08:28.0425 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys2010/09/01 12:08:28.0472 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys2010/09/01 12:08:28.0550 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys2010/09/01 12:08:28.0628 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys2010/09/01 12:08:28.0690 NVHDA (181e7fe39211e04128a30708906627d8) C:\windows\system32\drivers\nvhda64v.sys2010/09/01 12:08:28.0987 nvlddmkm (a518a34f345abf771e66ac48932ffea8) C:\windows\system32\DRIVERS\nvlddmkm.sys2010/09/01 12:08:29.0236 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys2010/09/01 12:08:29.0268 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys2010/09/01 12:08:29.0330 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys2010/09/01 12:08:29.0361 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys2010/09/01 12:08:29.0517 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys2010/09/01 12:08:29.0580 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys2010/09/01 12:08:29.0658 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys2010/09/01 12:08:29.0689 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys2010/09/01 12:08:29.0736 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys2010/09/01 12:08:29.0798 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys2010/09/01 12:08:29.0860 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys2010/09/01 12:08:30.0157 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys2010/09/01 12:08:30.0219 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys2010/09/01 12:08:30.0328 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys2010/09/01 12:08:30.0406 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys2010/09/01 12:08:30.0469 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys2010/09/01 12:08:30.0547 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys2010/09/01 12:08:30.0609 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys2010/09/01 12:08:30.0672 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys2010/09/01 12:08:30.0734 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys2010/09/01 12:08:30.0796 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys2010/09/01 12:08:30.0859 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys2010/09/01 12:08:30.0952 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys2010/09/01 12:08:31.0015 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys2010/09/01 12:08:31.0077 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys2010/09/01 12:08:31.0140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys2010/09/01 12:08:31.0202 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys2010/09/01 12:08:31.0327 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys2010/09/01 12:08:31.0436 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys2010/09/01 12:08:31.0654 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys2010/09/01 12:08:31.0732 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys2010/09/01 12:08:32.0013 rtport (4ca0dba9e224473d664c25e411f5a3bd) C:\windows\SysWOW64\drivers\rtport.sys2010/09/01 12:08:32.0169 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys2010/09/01 12:08:32.0294 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys2010/09/01 12:08:32.0356 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys2010/09/01 12:08:32.0481 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys2010/09/01 12:08:32.0575 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys2010/09/01 12:08:32.0622 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys2010/09/01 12:08:32.0700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys2010/09/01 12:08:32.0824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys2010/09/01 12:08:32.0887 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys2010/09/01 12:08:32.0934 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys2010/09/01 12:08:32.0980 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys2010/09/01 12:08:33.0090 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys2010/09/01 12:08:33.0136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys2010/09/01 12:08:33.0199 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys2010/09/01 12:08:33.0292 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys2010/09/01 12:08:33.0433 srv (43067a65522eaec33d31a12d6fa8e3f4) C:\windows\system32\DRIVERS\srv.sys2010/09/01 12:08:33.0480 srv2 (03715cf9c30b563da35fc5f2b8f7b8e0) C:\windows\system32\DRIVERS\srv2.sys2010/09/01 12:08:33.0526 srvnet (fbd09635227a8026c0f7790f604343c6) C:\windows\system32\DRIVERS\srvnet.sys2010/09/01 12:08:33.0620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys2010/09/01 12:08:33.0698 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys2010/09/01 12:08:33.0776 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys2010/09/01 12:08:33.0870 SynTP (3c80203c725c28cea5713d1ab242880a) C:\windows\system32\DRIVERS\SynTP.sys2010/09/01 12:08:34.0072 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\drivers\tcpip.sys2010/09/01 12:08:34.0150 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\windows\system32\DRIVERS\tcpip.sys2010/09/01 12:08:34.0228 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys2010/09/01 12:08:34.0338 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys2010/09/01 12:08:34.0369 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys2010/09/01 12:08:34.0431 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys2010/09/01 12:08:34.0478 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys2010/09/01 12:08:34.0650 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys2010/09/01 12:08:34.0743 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys2010/09/01 12:08:34.0837 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\windows\system32\DRIVERS\TurboB.sys2010/09/01 12:08:34.0946 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys2010/09/01 12:08:35.0071 udfs (31ba4a33afab6a69ea092b18017f737f) C:\windows\system32\DRIVERS\udfs.sys2010/09/01 12:08:35.0211 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys2010/09/01 12:08:35.0289 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys2010/09/01 12:08:35.0352 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys2010/09/01 12:08:35.0445 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\windows\system32\Drivers\usbaapl64.sys2010/09/01 12:08:35.0508 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys2010/09/01 12:08:35.0554 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys2010/09/01 12:08:35.0617 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\windows\system32\DRIVERS\usbehci.sys2010/09/01 12:08:35.0679 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\windows\system32\DRIVERS\usbhub.sys2010/09/01 12:08:35.0726 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys2010/09/01 12:08:35.0788 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys2010/09/01 12:08:35.0820 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS2010/09/01 12:08:35.0851 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys2010/09/01 12:08:35.0944 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys2010/09/01 12:08:36.0085 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys2010/09/01 12:08:36.0178 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys2010/09/01 12:08:36.0256 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys2010/09/01 12:08:36.0334 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys2010/09/01 12:08:36.0412 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys2010/09/01 12:08:36.0459 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys2010/09/01 12:08:36.0537 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys2010/09/01 12:08:36.0600 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys2010/09/01 12:08:36.0678 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys2010/09/01 12:08:36.0787 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys2010/09/01 12:08:36.0865 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys2010/09/01 12:08:36.0974 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys2010/09/01 12:08:37.0036 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys2010/09/01 12:08:37.0052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys2010/09/01 12:08:37.0255 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys2010/09/01 12:08:37.0317 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys2010/09/01 12:08:37.0489 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys2010/09/01 12:08:37.0551 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys2010/09/01 12:08:37.0723 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys2010/09/01 12:08:37.0770 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys2010/09/01 12:08:37.0941 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys2010/09/01 12:08:38.0066 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys2010/09/01 12:08:38.0113 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys2010/09/01 12:08:38.0238 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\windows\system32\DRIVERS\yk62x64.sys2010/09/01 12:08:38.0300 ================================================================================2010/09/01 12:08:38.0300 Scan finished2010/09/01 12:08:38.0300 ================================================================================Im starting the MBAM full scan now. Will post log when finished. Link to post Share on other sites More sharing options...
Kimberly13 Posted September 1, 2010 Author ID:307974 Share Posted September 1, 2010 Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4524Windows 6.1.7600Internet Explorer 8.0.7600.163859/1/2010 1:48:24 PMmbam-log-2010-09-01 (13-48-24).txtScan type: Full scan (C:\|D:\|)Objects scanned: 245790Time elapsed: 28 minute(s), 25 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 1, 2010 ID:308028 Share Posted September 1, 2010 Please note the last MBAM scan found no malicious items.Set Windows to show all files:Click the Start button , and then click Control Panel >> Appearance and Personalization >> Folder Options. Click the View tab. Under Advanced settings, click Show hidden files, folders, and drives, and then click OK. Click Apply > OK.Next:1. Create a new folder on drive "C:\" and name it Sysclean - (C:\Sysclean).2. Download >> Sysclean Package & save it to that folder.It's a ZIP file.Extract all the contents of the zip file to that folder.3. Then download the latest >> Virus Pattern Files - (Pattern files are usually named "lptxxx.zip", where xxx is the pattern file number)4. Extract (unzip) the lptxxx.zip pattern file into the Sysclean folder where you put sysclean.com.(Click here for information on how to extract a file if you are not sure how to do this. . DO NOT scan yet.Reboot your computer in SAFE MODE using the "F8" method.To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.A menu will appear with several options.Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".Scan with Sysclean as follows:1. Open the Sysclean folder and double-click on "sysclean.com" to start the scanning process.2. Put a check mark on the "Automatically clean or delete infected files" option by clicking in the checkbox.3. Click the Advanced button.4. The scan options appear. Select the Scan all local fixed drives.5. Click the Scan button on the TrendMicro™ System Cleaner console.6. It will take some time to complete. Be patient and let it clean whatever it finds.7. Another MS-DOS window appears containing the log file generated in the System Cleaner folder.8. To view the log, click the View button on the TrendMicro System Cleaner console. The TrendMicro Sysclean Package - Log window appears. The Files Detected section shows the viruses that were detected by System Cleaner. The Files Clean section shows the viruses that were cleaned. The Clean Fail section shows the viruses that were not cleaned.9. Exit when done, reboot normally and re-enable your anti-virus program.Instructions with screenshots are here if you need them.This tool generates a log file (sysclean.log) in the same folder where the scan is completed.When using Sysclean its best to use the Administrator's account or an account with Administrative rights otherwise you will not have the rights to scan some locations.The scanning process may result in "Access Denied" messages for some files. This is normal because these files are protected by the system. Link to post Share on other sites More sharing options...
Kimberly13 Posted September 2, 2010 Author ID:308182 Share Posted September 2, 2010 I will post the log below. I'm confused about what it found. When I rebooted my computer from safe mode my desktop background picture is no longer there and my homepage isn't set anymore. Thats all I've noticed for now, is that suppose to happen? There are alot of files in the folder I created now so I'm not positive what all you'll need me to post for you to see so just let me know if there's something else I need to copy and paste on here for you.Damage Cleanup Engine (DCE) 6.2(Build 1016) (RCM: Driver not ready!)Windows 7(Build 7600: )Start time : Wed Sep 01 2010 23:48:19Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\TMRDCT.ptn" (version ) [fail]Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\tsc.ptn" (version 1092) [success]Normal File Check for Detected File "C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe" (Virus Name Cryp_Xed-16): Normal file check result 0x00000002, from "Kaspersky Lab [D]".TSC_GENCLEAN[virus found]-->delete file("C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe","","") success-->add folder("C:\Sysclean\sysclean\TSC_Temp","","") success-->copy file("C:\Sysclean\sysclean\tsc.bin","C:\Sysclean\sysclean\TSC_Temp\tsc.exe","") success-->copy file("C:\Sysclean\sysclean\tsc.ini","C:\Sysclean\sysclean\TSC_Temp\tsc.ini","") success-->copy file("C:\Sysclean\sysclean\tsc.ptn","C:\Sysclean\sysclean\TSC_Temp\tsc.ptn","") success-->add file("C:\Sysclean\sysclean\TSC_Temp\DEADLINKS.INI","","") success-->modify file("C:\Sysclean\sysclean\TSC_Temp\DEADLINKS.INI","","") success-->modify file("C:\Sysclean\sysclean\TSC_Temp\DEADLINKS.INI","","") success-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\RunOnce","TSC") success-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableTaskMgr") success-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\System","DisableRegistryTools") success-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoFolderOptions") success-->delete registry value("HKEY_LOCAL_MACHINE","Software\Microsoft\Windows\CurrentVersion\Policies\Explorer","NoControlPanel") success-->modify registry data("n/a","Control Panel\Desktop","WallPaper") success-->modify registry data("HKEY_LOCAL_MACHINE","Software\Microsoft\Internet Explorer\Main","Start page") success-->modify registry data("n/a","Software\Microsoft\Internet Explorer\Main","Start page") success-->delete registry value("HKEY_LOCAL_MACHINE","SOFTWARE\Policies\Microsoft\Windows\System","DisableCMD") success-->modify registry data("n/a","Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","ShowSuperHidden") success-->modify registry data("n/a","Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced","HideFileExt") success-->modify registry data("HKEY_LOCAL_MACHINE","SYSTEM\CurrentControlSet\Services\RemoteRegistry","Start") successGenericClean::Pattern:TSC_GENCLEAN,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe GenericClean::Pattern:WORM_DOWNAD,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe GenericClean::Pattern:BKDR_TIDIES,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\AppData\Local\Temp\Temp1_tdsskiller.zip\TDSSKiller.exe Complete time : Wed Sep 01 2010 23:48:20Execute pattern count(4), Virus found count(1), Virus clean count(1), Clean failed count(0)Damage Cleanup Engine (DCE) 6.2(Build 1016) (RCM: Driver not ready!)Windows 7(Build 7600: )Start time : Wed Sep 01 2010 23:48:46Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\TMRDCT.ptn" (version ) [fail]Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\tsc.ptn" (version 1092) [success]Normal File Check for Detected File "C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe" (Virus Name Cryp_Xed-16): Normal file check result 0x00000002, from "Kaspersky Lab [D]".TSC_GENCLEAN[virus found]-->delete file("C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe","","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.exe","","") success-->copy file("C:\Sysclean\sysclean\tsc.bin","C:\Sysclean\sysclean\TSC_Temp\tsc.exe","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.ini","","") success-->copy file("C:\Sysclean\sysclean\tsc.ini","C:\Sysclean\sysclean\TSC_Temp\tsc.ini","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.ptn","","") success-->copy file("C:\Sysclean\sysclean\tsc.ptn","C:\Sysclean\sysclean\TSC_Temp\tsc.ptn","") success-->modify file("C:\Sysclean\sysclean\TSC_Temp\DEADLINKS.INI","","") successGenericClean::Pattern:TSC_GENCLEAN,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe GenericClean::Pattern:WORM_DOWNAD,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe GenericClean::Pattern:BKDR_TIDIES,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller\TDSSKiller.exe Complete time : Wed Sep 01 2010 23:48:47Execute pattern count(4), Virus found count(1), Virus clean count(1), Clean failed count(0)Damage Cleanup Engine (DCE) 6.2(Build 1016) (RCM: Driver not ready!)Windows 7(Build 7600: )Start time : Wed Sep 01 2010 23:48:47Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\TMRDCT.ptn" (version ) [fail]Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\tsc.ptn" (version 1092) [success]Normal File Check for Detected File "C:\Users\Kimberly\Desktop\TDSSKiller.exe" (Virus Name Cryp_Xed-16): Normal file check result 0x00000002, from "Kaspersky Lab [D]".TSC_GENCLEAN[virus found]-->delete file("C:\Users\Kimberly\Desktop\TDSSKiller.exe","","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.exe","","") success-->copy file("C:\Sysclean\sysclean\tsc.bin","C:\Sysclean\sysclean\TSC_Temp\tsc.exe","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.ini","","") success-->copy file("C:\Sysclean\sysclean\tsc.ini","C:\Sysclean\sysclean\TSC_Temp\tsc.ini","") success-->delete file("C:\Sysclean\sysclean\TSC_Temp\tsc.ptn","","") success-->copy file("C:\Sysclean\sysclean\tsc.ptn","C:\Sysclean\sysclean\TSC_Temp\tsc.ptn","") success-->modify file("C:\Sysclean\sysclean\TSC_Temp\DEADLINKS.INI","","") successGenericClean::Pattern:TSC_GENCLEAN,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\TDSSKiller.exe GenericClean::Pattern:WORM_DOWNAD,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\TDSSKiller.exe GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\TDSSKiller.exe GenericClean::Pattern:BKDR_TIDIES,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\TDSSKiller.exe Complete time : Wed Sep 01 2010 23:48:47Execute pattern count(4), Virus found count(1), Virus clean count(1), Clean failed count(0)Damage Cleanup Engine (DCE) 6.2(Build 1016) (RCM: Driver not ready!)Windows 7(Build 7600: )Start time : Wed Sep 01 2010 23:48:48Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\TMRDCT.ptn" (version ) [fail]Load Damage Cleanup Template (DCT) "C:\Sysclean\sysclean\tsc.ptn" (version 1092) [success]GenericClean::Pattern:TSC_GENCLEAN,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller.zip GenericClean::Pattern:WORM_DOWNAD,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller.zip GenericClean::Pattern:PE_PATCHEP.A,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller.zip GenericClean::Pattern:BKDR_TIDIES,Virus Name:Cryp_Xed-16,Virus File Path:C:\Users\Kimberly\Desktop\tdsskiller.zip Complete time : Wed Sep 01 2010 23:48:48Execute pattern count(4), Virus found count(0), Virus clean count(0), Clean failed count(0) Link to post Share on other sites More sharing options...
Kimberly13 Posted September 2, 2010 Author ID:308183 Share Posted September 2, 2010 There are two more logs that I can tell (one long, one short) and I'm not sure which ones you need so I'm posting the others so you have as much information as you need to figure out the next step for your next post /--------------------------------------------------------------\| Trend Micro System Cleaner || Copyright 2009-2010, Trend Micro, Inc. || http://www.trendmicro.com |\--------------------------------------------------------------/2010-09-01, 23:35:56, Auto-clean mode specified.2010-09-01, 23:35:59, Failed to initialize Rootkit Driver.2010-09-01, 23:35:59, Running scanner "C:\Sysclean\sysclean\TSC.BIN"...2010-09-01, 23:36:21, Scanner "C:\Sysclean\sysclean\TSC.BIN" has finished running.2010-09-01, 23:36:21, TSC Log: Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 2, 2010 ID:308235 Share Posted September 2, 2010 (edited) You noted When I rebooted my computer from safe mode my desktop background picture is no longer there and my homepage isn't set anymore. Thats all I've noticed for now, is that suppose to happen? There are alot of files in the folder I created now so I'm not positive what all you'll need me to post for you to see so just let me know if there's something else I need to copy and paste on here for you.The 2nd log was the one I needed. The Sysclean.log.For whatever reason, the Sysclean utility took out the desktop background setting & the home page.You should use one of the standard Windows desktop background if desired.Reset your browser home page to the one you want.For another unknown reason, Sysclean did not care for the tool TDSSKILLER. That was a false positive.Other than that, it didn't find malwares on this system.Tell me, How is your system now? Are you getting popups at random? Edited September 2, 2010 by Maurice Naggar Link to post Share on other sites More sharing options...
Kimberly13 Posted September 2, 2010 Author ID:308270 Share Posted September 2, 2010 I'm on my computer at work right now but I haven't been using my personal laptop for anything other than what you've asked so I haven't been on it too much to notice. Is it okay for me to use normally for a day or two and see if anything unusual happens? Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 2, 2010 ID:308385 Share Posted September 2, 2010 Q: Is it okay for me to use normally for a day or two and see if anything unusual happens? A: Yes.I also want to re-encourage you to get (purchase) license for MBAM so that this system will have the added real-time protection.The real-time protection is only available by license purchase. and as I mentioned, it is a one-time purchase good for life. Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 12, 2010 ID:312734 Share Posted September 12, 2010 Kindly get me a status update. It's been 10 days since your last reply.This topic will be closed unless I hear from you in the next day or two. Link to post Share on other sites More sharing options...
Kimberly13 Posted September 13, 2010 Author ID:313179 Share Posted September 13, 2010 No Security Suite yet, I am still having issues with redirects from Google though. I ran a scan on MBAM a few days ago and it showed Security Suite still. Here is the log:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4563Windows 6.1.7600Internet Explorer 8.0.7600.163859/7/2010 2:35:24 PMmbam-log-2010-09-07 (14-35-24).txtScan type: Full scan (C:\|D:\|)Objects scanned: 247915Time elapsed: 39 minute(s), 49 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 1Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 13, 2010 ID:313199 Share Posted September 13, 2010 I'd like for you to do a Full scan with MBAM after getting it current (once more). The scan investment is worth it.First, close and save any open documents/files you have opened.The scan may take a few hours (depending on how many files and sizes on your HDD), so have plenty of patience.Start your MBAM MalwareBytes' Anti-Malware. Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.Then click the Scanner sub-tab. Make sure all option lines have a checkmark.Next, Click the Update tab. Press the "Check for Updates" button. When done, click the Scanner tab.Do a FULL Scan. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Next: Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.Double click on RSIT.exe to run RSIT.Click Continue at the disclaimer screen.Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)Reply with copy of the new (latest) MBAM scan logand Log.txtand Info.txt Link to post Share on other sites More sharing options...
Kimberly13 Posted September 16, 2010 Author ID:314247 Share Posted September 16, 2010 What should I do?? Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 16, 2010 ID:314354 Share Posted September 16, 2010 Did you see my last reply? The new MBAM run and getting RSIT reports. Link to post Share on other sites More sharing options...
Kimberly13 Posted September 17, 2010 Author ID:314940 Share Posted September 17, 2010 Sorry, I didn't realize we had gone to a 4th page and didn't see your response. I purchased MBAM just now, and removed Avira since you said not to have two antivirus programs on my computer at the same time. But now my computer is telling me that it cannot detect antivrus software on my computer. Should I be concerned? Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 18, 2010 ID:315154 Share Posted September 18, 2010 You ought not to have removed Avira. You need to re-install it.MBAM is not an antivirus (which your system must have). MBAM is an anti-malware application.After you have put back Avira: see my previous reply? Get the new MBAM run and get RSIT reports. and please provide a summary of how your system is now P.S. You always have to go to the last page of your topic to see last replies. You may use the double right-arrow icon >> at top of pageI hope you don't get lost. Link to post Share on other sites More sharing options...
Kimberly13 Posted September 19, 2010 Author ID:315430 Share Posted September 19, 2010 I'm all caught up now. Sorry about the confusion. I have downloaded Avira again and its all set back up! I will attach the reports your requested:MBAM:Malwarebytes' Anti-Malware 1.46www.malwarebytes.orgDatabase version: 4649Windows 6.1.7600Internet Explorer 8.0.7600.163859/18/2010 8:55:14 PMmbam-log-2010-09-18 (20-55-14).txtScan type: Full scan (C:\|D:\|)Objects scanned: 254460Time elapsed: 32 minute(s), 21 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Log.txt:Logfile of random's system information tool 1.08 (written by random/random)Run by Kimberly at 2010-09-18 20:57:07Microsoft Windows 7 Home Premium System drive C: has 70 GB (68%) free of 102 GBTotal RAM: 3957 MB (58% free)Logfile of Trend Micro HijackThis v2.0.4Scan saved at 8:57:19 PM, on 9/18/2010Platform: Windows 7 (WinNT 6.00.3504)MSIE: Internet Explorer v8.00 (8.00.7600.16385)Boot mode: NormalRunning processes:C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exeC:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exeC:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exeC:\Program Files (x86)\HP\Digital Imaging\smart web printing\hpswp_clipbook.exeC:\Users\Kimberly\Desktop\RSIT.exeC:\Program Files (x86)\trend micro\Kimberly.exeC:\windows\SysWOW64\DllHost.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://jaguar1.usouthal.edu/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllO2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLLO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"O4 - HKLM\..\Run: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"O4 - HKLM\..\Run: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"O4 - HKLM\..\Run: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttrayO4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.htmlO8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exeO23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXEO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 13063 bytes======Scheduled tasks folder======C:\windows\tasks\GoogleUpdateTaskMachineCore.jobC:\windows\tasks\GoogleUpdateTaskMachineUA.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-09 278192][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-07-09 814648][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]Java Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-08-29 41760][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-09 278192][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-01-03 222504]"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]"UpdatePSTShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-07-20 210216]"UCam_Menu"=C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]"HP Software Update"=C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888]"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-09-01 421160]"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-09-18 282792][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-13 1475072]"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-05-17 39408]C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartupHP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Users\Kimberly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartupOneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]"SecurityProviders"=credssp.dll[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"ConsentPromptBehaviorAdmin"=5"ConsentPromptBehaviorUser"=3"EnableUIADesktopToggle"=0"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoActiveDesktop"=1"ForceActiveDesktopOn"=0[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list][HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]======File associations======.js - edit - C:\Windows\System32\Notepad.exe %1.js - open - C:\Windows\System32\WScript.exe "%1" %*======List of files/folders created in the last 3 months======2010-09-18 20:57:09 ----D---- C:\Program Files (x86)\trend micro2010-09-18 20:57:07 ----D---- C:\rsit2010-09-18 19:19:59 ----D---- C:\Users\Kimberly\AppData\Roaming\Avira2010-09-18 19:17:15 ----A---- C:\windows\SysWOW64\drivers\avgntmgr.sys2010-09-18 19:17:15 ----A---- C:\windows\SysWOW64\drivers\avgntdd.sys2010-09-18 19:17:14 ----D---- C:\ProgramData\Avira2010-09-15 21:52:06 ----A---- C:\windows\SysWOW64\iertutil.dll2010-09-07 08:20:26 ----D---- C:\Program Files (x86)\iTunes2010-09-07 08:19:12 ----D---- C:\Program Files (x86)\QuickTime2010-09-03 22:58:45 ----D---- C:\Program Files (x86)\Common Files\Adobe2010-09-03 22:58:45 ----D---- C:\Program Files (x86)\Adobe2010-09-01 23:00:38 ----D---- C:\Sysclean2010-08-31 21:06:59 ----A---- C:\windows\SysWOW64\MSSTDFMT.DLL2010-08-31 21:06:58 ----D---- C:\Program Files (x86)\SpywareBlaster2010-08-31 15:08:28 ----D---- C:\Program Files (x86)\Avira2010-08-29 17:11:01 ----A---- C:\windows\SysWOW64\PerfStringBackup.INI2010-08-29 15:30:44 ----D---- C:\Program Files (x86)\Common Files\Java2010-08-29 15:30:30 ----A---- C:\windows\SysWOW64\deployJava1.dll2010-08-29 15:20:56 ----D---- C:\windows\Sun2010-08-25 14:29:51 ----D---- C:\windows\ERDNT2010-08-25 14:28:57 ----D---- C:\Program Files (x86)\ERUNT2010-08-25 08:41:37 ----A---- C:\windows\SysWOW64\oleaut32.dll2010-08-12 11:41:51 ----A---- C:\windows\SysWOW64\schannel.dll2010-08-12 11:41:30 ----A---- C:\windows\SysWOW64\ntkrnlpa.exe2010-08-12 11:41:28 ----A---- C:\windows\SysWOW64\ntoskrnl.exe2010-08-12 11:41:23 ----A---- C:\windows\SysWOW64\mshtml.dll2010-08-12 11:41:22 ----A---- C:\windows\SysWOW64\ieframe.dll2010-08-12 11:41:21 ----A---- C:\windows\SysWOW64\wininet.dll2010-08-12 11:41:21 ----A---- C:\windows\SysWOW64\urlmon.dll2010-08-12 11:41:20 ----A---- C:\windows\SysWOW64\mstime.dll2010-08-12 11:41:20 ----A---- C:\windows\SysWOW64\msfeedsbs.dll2010-08-12 11:41:20 ----A---- C:\windows\SysWOW64\ieui.dll2010-08-12 11:41:20 ----A---- C:\windows\SysWOW64\iepeers.dll2010-08-12 11:41:20 ----A---- C:\windows\SysWOW64\iedkcs32.dll2010-08-12 11:41:19 ----A---- C:\windows\SysWOW64\msfeedssync.exe2010-08-12 11:41:19 ----A---- C:\windows\SysWOW64\jsproxy.dll2010-08-12 11:41:08 ----A---- C:\windows\SysWOW64\rtutils.dll2010-08-12 11:41:07 ----A---- C:\windows\SysWOW64\iccvid.dll2010-08-12 11:41:04 ----A---- C:\windows\SysWOW64\msxml3.dll2010-08-12 00:49:55 ----D---- C:\Users\Kimberly\AppData\Roaming\Malwarebytes2010-08-12 00:49:27 ----A---- C:\windows\SysWOW64\drivers\mbamswissarmy.sys2010-08-12 00:49:26 ----D---- C:\ProgramData\Malwarebytes2010-08-12 00:49:26 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware2010-08-11 22:31:12 ----A---- C:\windows\ntbtlog.txt2010-08-02 15:10:22 ----A---- C:\windows\SysWOW64\shell32.dll2010-07-31 21:19:26 ----D---- C:\Program Files (x86)\SBC Yahoo!2010-07-24 23:38:13 ----D---- C:\Users\Kimberly\AppData\Roaming\Apple Computer2010-07-24 23:37:59 ----A---- C:\windows\SysWOW64\GEARAspi.dll2010-07-24 23:37:28 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}2010-07-24 23:36:21 ----D---- C:\ProgramData\Apple Computer2010-07-24 23:36:13 ----D---- C:\Program Files (x86)\Apple Software Update2010-07-24 23:35:55 ----D---- C:\Program Files (x86)\Bonjour2010-07-24 23:35:50 ----D---- C:\ProgramData\Apple2010-07-24 23:35:50 ----D---- C:\Program Files (x86)\Common Files\Apple2010-07-24 21:02:24 ----D---- C:\Users\Kimberly\AppData\Roaming\Mozilla2010-07-24 21:00:20 ----D---- C:\Program Files (x86)\Ask.com2010-07-24 20:50:29 ----D---- C:\ProgramData\Sun2010-07-24 20:50:21 ----A---- C:\windows\SysWOW64\javaws.exe2010-07-24 20:50:21 ----A---- C:\windows\SysWOW64\javaw.exe2010-07-24 20:50:21 ----A---- C:\windows\SysWOW64\java.exe2010-07-24 20:50:07 ----D---- C:\Program Files (x86)\Java2010-07-24 20:47:23 ----D---- C:\Program Files (x86)\LimeWire2010-07-22 10:35:09 ----D---- C:\ProgramData\Visan2010-07-22 09:09:24 ----D---- C:\Program Files (x86)\MSXML 4.02010-07-18 16:54:22 ----D---- C:\ProgramData\WEBREG2010-07-18 16:53:06 ----D---- C:\Users\Kimberly\AppData\Roaming\HP2010-07-18 16:50:19 ----D---- C:\Users\Kimberly\AppData\Roaming\Yahoo!2010-07-18 16:50:18 ----D---- C:\Program Files (x86)\Yahoo!2010-07-18 16:50:09 ----D---- C:\Program Files (x86)\Coupons2010-07-18 16:49:51 ----D---- C:\ProgramData\HP Photo Creations2010-07-18 16:49:51 ----D---- C:\Program Files (x86)\HP Photo Creations2010-07-18 16:49:44 ----D---- C:\Users\Kimberly\AppData\Roaming\HpUpdate2010-07-18 16:48:45 ----D---- C:\ProgramData\HP Product Assistant2010-07-18 16:47:23 ----D---- C:\Program Files (x86)\Common Files\HP2010-07-18 16:47:15 ----D---- C:\Program Files (x86)\Common Files\Hewlett-Packard2010-07-18 16:44:51 ----D---- C:\Program Files (x86)\HP2010-07-18 16:40:23 ----D---- C:\ProgramData\HP2010-07-07 18:46:08 ----D---- C:\windows\SysWOW64\Wat2010-07-07 13:39:34 ----A---- C:\windows\SysWOW64\PresentationHostProxy.dll2010-07-07 13:39:34 ----A---- C:\windows\SysWOW64\PresentationHost.exe2010-07-07 13:39:34 ----A---- C:\windows\SysWOW64\netfxperf.dll2010-07-07 13:39:34 ----A---- C:\windows\SysWOW64\mscoree.dll2010-07-07 13:39:34 ----A---- C:\windows\SysWOW64\dfshim.dll2010-07-06 23:04:14 ----A---- C:\windows\SysWOW64\tzres.dll2010-07-06 23:02:53 ----A---- C:\windows\SysWOW64\asycfilt.dll2010-07-06 23:02:26 ----A---- C:\windows\SysWOW64\ntdll.dll2010-07-06 23:01:56 ----A---- C:\windows\SysWOW64\vbscript.dll2010-07-06 23:01:28 ----A---- C:\windows\SysWOW64\inetcomm.dll2010-07-06 23:00:31 ----A---- C:\windows\SysWOW64\wow32.dll2010-07-06 23:00:31 ----A---- C:\windows\SysWOW64\user.exe2010-07-06 23:00:31 ----A---- C:\windows\SysWOW64\setup16.exe2010-07-06 23:00:31 ----A---- C:\windows\SysWOW64\ntvdm64.dll2010-07-06 23:00:31 ----A---- C:\windows\SysWOW64\instnm.exe2010-07-06 22:57:03 ----A---- C:\windows\SysWOW64\CPFilters.dll2010-07-06 22:57:02 ----A---- C:\windows\SysWOW64\psisdecd.dll2010-07-06 22:55:45 ----A---- C:\windows\SysWOW64\jscript.dll2010-07-06 22:55:17 ----A---- C:\windows\SysWOW64\sspicli.dll2010-07-06 22:55:17 ----A---- C:\windows\SysWOW64\secur32.dll2010-07-06 22:53:53 ----A---- C:\windows\SysWOW64\atmlib.dll2010-07-06 22:53:53 ----A---- C:\windows\SysWOW64\atmfd.dll2010-07-05 19:36:50 ----D---- C:\Program Files (x86)\Common Files\DESIGNER2010-07-05 19:36:38 ----D---- C:\Program Files (x86)\Microsoft.NET2010-07-05 19:34:51 ----D---- C:\Program Files (x86)\Microsoft Analysis Services2010-07-05 19:34:21 ----D---- C:\ProgramData\Microsoft Help2010-07-05 19:34:08 ----RHD---- C:\MSOCache2010-07-05 19:02:03 ----D---- C:\Users\Kimberly\AppData\Roaming\Macromedia2010-07-05 18:53:15 ----D---- C:\Users\Kimberly\AppData\Roaming\Adobe2010-07-05 18:53:00 ----D---- C:\Users\Kimberly\AppData\Roaming\Google2010-07-05 18:41:58 ----D---- C:\Users\Kimberly\AppData\Roaming\InstallShield2010-07-05 18:35:46 ----D---- C:\Users\Kimberly\AppData\Roaming\Identities2010-07-05 18:35:39 ----A---- C:\windows\SysWOW64\wintrust.dll2010-07-05 18:35:38 ----A---- C:\windows\SysWOW64\cabview.dll2010-07-05 18:32:56 ----SD---- C:\Users\Kimberly\AppData\Roaming\Microsoft2010-07-05 18:32:56 ----D---- C:\Users\Kimberly\AppData\Roaming\Media Center Programs2010-07-05 18:32:38 ----SHD---- C:\Recovery======List of files/folders modified in the last 3 months======2010-09-18 20:57:09 ----RD---- C:\Program Files (x86)2010-09-18 20:07:14 ----D---- C:\windows\Temp2010-09-18 20:02:29 ----SHD---- C:\System Volume Information2010-09-18 19:51:41 ----D---- C:\windows\Prefetch2010-09-18 19:17:15 ----D---- C:\windows\SysWOW64\drivers2010-09-18 19:17:14 ----HD---- C:\ProgramData2010-09-16 10:02:55 ----D---- C:\windows\winsxs2010-09-16 10:01:39 ----D---- C:\windows\SysWOW642010-09-16 10:01:39 ----D---- C:\windows\System322010-09-15 21:54:52 ----SHD---- C:\windows\Installer2010-09-08 12:33:57 ----D---- C:\Windows2010-09-08 08:33:30 ----D---- C:\Program Files (x86)\Microsoft Silverlight2010-09-07 08:20:26 ----RD---- C:\Program Files2010-09-07 08:18:43 ----D---- C:\windows\inf2010-09-05 20:56:53 ----D---- C:\windows\Downloaded Program Files2010-09-03 23:06:16 ----D---- C:\ProgramData\Adobe2010-09-03 22:58:45 ----D---- C:\Program Files (x86)\Common Files2010-08-31 22:10:50 ----RSD---- C:\windows\assembly2010-08-31 22:10:50 ----D---- C:\windows\Microsoft.NET2010-08-31 20:47:50 ----D---- C:\windows\SysWOW64\en-US2010-08-31 20:46:19 ----D---- C:\windows\debug2010-08-29 15:06:00 ----D---- C:\windows\Tasks2010-08-26 16:00:22 ----D---- C:\windows\AppPatch2010-08-22 21:53:57 ----D---- C:\windows\SysWOW64\migration2010-08-22 21:53:57 ----D---- C:\Program Files (x86)\Internet Explorer2010-08-22 21:45:39 ----SD---- C:\ProgramData\Microsoft2010-08-11 23:29:53 ----SHD---- C:\$Recycle.Bin2010-08-11 23:29:46 ----RD---- C:\Users2010-07-31 19:49:02 ----D---- C:\ProgramData\Partner2010-07-20 14:13:44 ----D---- C:\windows\LiveKernelReports2010-07-18 16:53:04 ----A---- C:\windows\win.ini2010-07-18 16:52:18 ----D---- C:\windows\twain_322010-07-18 16:49:00 ----RSD---- C:\windows\Fonts2010-07-07 14:15:29 ----D---- C:\windows\rescache2010-07-07 14:14:30 ----D---- C:\windows\Logs2010-07-07 13:44:40 ----D---- C:\Program Files (x86)\Windows Mail2010-07-07 13:44:36 ----D---- C:\windows\ehome2010-07-05 23:29:47 ----D---- C:\ProgramData\CyberLink2010-07-05 19:59:12 ----D---- C:\Program Files (x86)\Google2010-07-05 19:40:11 ----D---- C:\Program Files (x86)\Microsoft Office2010-07-05 19:37:22 ----D---- C:\windows\ShellNew2010-07-05 19:37:21 ----D---- C:\Program Files (x86)\Common Files\microsoft shared2010-07-05 19:34:55 ----D---- C:\Program Files (x86)\Common Files\System2010-07-05 18:43:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information2010-07-05 18:35:14 ----D---- C:\windows\MSetup2010-07-05 18:33:56 ----D---- C:\Program Files (x86)\CyberLink2010-07-05 18:33:39 ----D---- C:\ProgramData\Temp2010-07-05 18:32:37 ----D---- C:\windows\SoftwareDistribution======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys []R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys []R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\windows\system32\Drivers\SABI.sys []R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys []R2 TurboB;Turbo Boost UI Monitor driver; C:\windows\system32\DRIVERS\TurboB.sys []R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys []R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\windows\system32\DRIVERS\GEARAspiWDM.sys []R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys []R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys []R3 MBAMProtector;MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys []R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda64v.sys []R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys []S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys []S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys []S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys []S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []S3 rtport;rtport; \??\C:\windows\SysWOW64\drivers\rtport.sys [2010-06-09 15144]S3 StillCam;Still Serial Digital Camera Driver; C:\windows\system32\DRIVERS\serscan.sys []S3 USBAAPL64;Apple Mobile USB Driver; C:\windows\System32\Drivers\usbaapl64.sys []S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AntiVirMailService;Avira AntiVir MailGuard; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-09-18 337064]R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-09-18 135336]R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-09-18 267432]R2 AntiVirWebService;Avira AntiVir WebGuard; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-09-18 405672]R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-05-18 345376]R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\windows\system32\svchost.exe [2009-07-13 20992]R2 HPSLPSVC;HP Network Devices Support; C:\windows\system32\svchost.exe [2009-07-13 20992]R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-13 20992]R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe []R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-13 20992]R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-07 247152]R3 hpqcxs08;hpqcxs08; C:\windows\system32\svchost.exe [2009-07-13 20992]R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 932640]R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 135664]S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-17 182768]S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]S3 TurboBoost;TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []-----------------EOF-----------------Info.txt:info.txt logfile of random's system information tool 1.08 2010-09-18 20:57:21======Uninstall list======-->C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe-->C:\windows\SysWOW64\Macromed\Flash\uninstall_plugin.exeAdobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstallAdobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}Adobe Flash Player 10 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activexAdobe Flash Player 10 Plugin-->MsiExec.exe /X{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}Adobe Reader 9.3.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}Atheros Client Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{D1434266-0486-4469-B338-A60082CC04E1}\setup.exe" -runfromtemp -l0x0009 -removeonlyAvira AntiVir Premium-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVEBatteryLifeExtender-->MsiExec.exe /I{08B67A13-8501-48CB-B747-9D413BDC4594}Best Buy Software Installer-->"C:\ProgramData\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe" REMOVE=TRUE MODIFY=FALSEChargeableUSB-->"C:\Program Files (x86)\InstallShield Installation Information\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}\setup.exe" -runfromtemp -l0x0009Remove -removeonlyCoupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"CyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstallCyberLink DVD Suite-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstallCyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstallCyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstallCyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstallCyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstallCyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstallCyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstallCyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstallCyberLink PowerDVD 8-->"C:\Program Files (x86)\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstallCyberLink PowerProducer-->"C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstallCyberLink PowerProducer-->"C:\Program Files (x86)\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstallCyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstallCyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstallDefinition update for Microsoft Office 2010 (KB982726)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{8A1600D2-B038-4F73-851E-946B0155810E}" "1033" "0"Easy Content Share-->MsiExec.exe /I{2DDC70C1-C77A-4D08-89D2-9AB648504533}Easy Display Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -runfromtemp -l0x0009 -removeonlyEasy Network Manager-->MsiExec.exe /I{F771F1D4-EDD4-4D68-82DC-811583C099CD}Easy SpeedUp Manager-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 RemoveEasyBatteryManager-->"C:\Program Files (x86)\InstallShield Installation Information\{4A331D24-A9E8-484F-835E-1BA7B139689C}\setup.exe" -runfromtemp -l0x0009 -removeonlyEasyFileShare-->MsiExec.exe /I{C4582EED-A3FB-4358-8F3F-8C994460DF28}ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}HP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exeHP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstallIntel® Turbo Boost Technology Driver-->C:\Program Files (x86)\Intel\Intel® Turbo Boost Technology Driver\Uninstall\setup.exe -uninstall -iipsJava 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"Marvell Miniport Driver-->C:\Program Files (x86)\Marvell\Miniport Driver\Uninst.exeMicrosoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}Microsoft Office Professional 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLLMicrosoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}MultimediaPOP-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{B922DA9D-747A-4681-A730-D14326C6738F}\setup.exe" -l0x9 RemoveQuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonlySamsung Recovery Solution 4-->"C:\Program Files (x86)\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonlySamsung Support Center-->MsiExec.exe /I{F687E657-F636-44DF-8125-9FEEA2C362F5}Samsung Update Plus-->"C:\Program Files (x86)\InstallShield Installation Information\{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}\setup.exe" -runfromtemp -l0x0009 -removeonlySpywareBlaster 4.4-->"C:\Program Files (x86)\SpywareBlaster\unins000.exe"Update for Microsoft Office 2010 (KB2202188)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{86B7A074-265D-420C-9E1E-7A920EF0ECA7}" "1033" "0"Update for Microsoft OneNote 2010 (KB2288640)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{521AB5E8-5FFF-45C8-B750-6967F8C0A2B9}" "1033" "0"Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{E966C940-CC8C-4EC0-8D84-ED27AC20D53C}" "1033" "0"Update for Microsoft Outlook Social Connector (KB2289116)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{75F91382-920C-4AE1-B9E6-FFFCEDA797E8}" "1033" "0"User Guide-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 RemoveWindows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exeWindows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}======Hosts File======127.0.0.1 localhost127.0.0.1 fr.a2dfp.net127.0.0.1 m.fr.a2dfp.net127.0.0.1 ad.a8.net127.0.0.1 asy.a8ww.net127.0.0.1 abcstats.com127.0.0.1 a.abv.bg127.0.0.1 adserver.abv.bg127.0.0.1 adv.abv.bg127.0.0.1 bimg.abv.bg======System event log======Computer Name: Kimberly-PCEvent Code: 16393Message: BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040501.Record Number: 2777Source Name: Microsoft-Windows-Bits-ClientTime Written: 20100705235732.592494-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: Kimberly-PCEvent Code: 16393Message: BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040501.Record Number: 2776Source Name: Microsoft-Windows-Bits-ClientTime Written: 20100705235659.016035-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: Kimberly-PCEvent Code: 16393Message: BITS has encountered an error communicating with an Internet Gateway Device. Please check that the device is functioning properly. BITS will not attempt to use this device until the next system reboot. Error code: 0x80040501.Record Number: 2774Source Name: Microsoft-Windows-Bits-ClientTime Written: 20100705235524.233867-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: Kimberly-PCEvent Code: 4001Message: WLAN AutoConfig service has successfully stopped.Record Number: 2643Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20100705233918.212572-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: Kimberly-PCEvent Code: 4001Message: WLAN AutoConfig service has successfully stopped.Record Number: 2396Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20100609095816.829858-000Event Type: WarningUser: NT AUTHORITY\SYSTEM=====Application event log=====Computer Name: Kimberly-PCEvent Code: 1533Message: Windows cannot delete the profile directory C:\Users\Administrator. This error may be caused by files in this directory being used by another program. DETAIL - The directory is not empty.Record Number: 812Source Name: Microsoft-Windows-User Profiles ServiceTime Written: 20100705233239.473804-000Event Type: ErrorUser: NT AUTHORITY\SYSTEMComputer Name: Kimberly-PCEvent Code: 11Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 288) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). User Action: Contact your application vendor for an updated version of the application.Record Number: 811Source Name: Microsoft-Windows-RPC-EventsTime Written: 20100705233236.868599-000Event Type: WarningUser: NT AUTHORITY\LOCAL SERVICEComputer Name: Kimberly-PCEvent Code: 1008Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}. Record Number: 794Source Name: Microsoft-Windows-SearchTime Written: 20100705223014.000000-000Event Type: WarningUser: Computer Name: WIN-K508ND8ETEKEvent Code: 35Message: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.Record Number: 782Source Name: SideBySideTime Written: 20100609095811.000000-000Event Type: ErrorUser: Computer Name: WIN-K508ND8ETEKEvent Code: 35Message: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis.Record Number: 781Source Name: SideBySideTime Written: 20100609095811.000000-000Event Type: ErrorUser: =====Security event log=====Computer Name: WIN-K508ND8ETEKEvent Code: 4738Message: A user account was changed.Subject: Security ID: S-1-5-21-114453956-2636402065-546677835-500 Account Name: Administrator Account Domain: WIN-K508ND8ETEK Logon ID: 0x30c7fTarget Account: Security ID: S-1-5-21-114453956-2636402065-546677835-500 Account Name: Administrator Account Domain: WIN-K508ND8ETEKChanged Attributes: SAM Account Name: - Display Name: - User Principal Name: - Home Directory: - Home Drive: - Script Path: - Profile Path: - User Workstations: - Password Last Set: - Account Expires: - Primary Group ID: - AllowedToDelegateTo: - Old UAC Value: 0x210 New UAC Value: 0x211 User Account Control: Account Disabled User Parameters: - SID History: - Logon Hours: -Additional Information: Privileges: -Record Number: 636Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100609095811.751992-000Event Type: Audit SuccessUser: Computer Name: WIN-K508ND8ETEKEvent Code: 4725Message: A user account was disabled.Subject: Security ID: S-1-5-21-114453956-2636402065-546677835-500 Account Name: Administrator Account Domain: WIN-K508ND8ETEK Logon ID: 0x30c7fTarget Account: Security ID: S-1-5-21-114453956-2636402065-546677835-500 Account Name: Administrator Account Domain: WIN-K508ND8ETEKRecord Number: 635Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100609095811.751992-000Event Type: Audit SuccessUser: Computer Name: WIN-K508ND8ETEKEvent Code: 4672Message: Special privileges assigned to new logon.Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilegeRecord Number: 634Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100609095803.976547-000Event Type: Audit SuccessUser: Computer Name: WIN-K508ND8ETEKEvent Code: 4624Message: An account was successfully logged on.Subject: Security ID: S-1-5-18 Account Name: WIN-K508ND8ETEK$ Account Domain: WORKGROUP Logon ID: 0x3e7Logon Type: 5New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000}Process Information: Process ID: 0x220 Process Name: C:\Windows\System32\services.exeNetwork Information: Workstation Name: Source Network Address: - Source Port: -Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0This event is generated when a logon session is created. It is generated on the computer that was accessed.The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.Record Number: 633Source Name: Microsoft-Windows-Security-AuditingTime Written: 20100609095803.976547-000Event Type: Audit SuccessUser: Computer Name: WIN-K508ND8ETEKEvent Code: 1102Message: The audit log was cleared.Subject: Security ID: S-1-5-21-114453956-2636402065-546677835-500 Account Name: Administrator Domain Name: WIN-K508ND8ETEK Logon ID: 0x30c7fRecord Number: 632Source Name: Microsoft-Windows-EventlogTime Written: 20100609095804.827596-000Event Type: Audit SuccessUser: ======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\QuickTime\QTSystem\"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"PROCESSOR_ARCHITECTURE"=AMD64"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"USERNAME"=SYSTEM"windir"=%SystemRoot%"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\"NUMBER_OF_PROCESSORS"=4"PROCESSOR_LEVEL"=6"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 37 Stepping 5, GenuineIntel"PROCESSOR_REVISION"=2505"asl.log"=Destination=file;OnFirstLog=command,environment,parent"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip-----------------EOF----------------- Link to post Share on other sites More sharing options...
Maurice Naggar Posted September 19, 2010 ID:315628 Share Posted September 19, 2010 Hello Kinberly,You are good to go after the following.If you have a problem with these steps, or something does not quite work here, do let me know.The following few steps will remove tools we used.CleanupsClick the Start button , click Control Panel, next select Programs, and then select Programs and Features. De-install ESET Online scanner if present in listDe-install Kasperky Online if present in listLook for it and click the line for it. Select Change/Remove to de-install it.OK & Exit out of Control PanelDownload OTC to your desktop and run itClick Yes to beginning the Cleanup process and remove these components, including this application.You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.Delete the SYSCLEAN downloads and the :C\SYSCLEAN folderDelete TDSSKILLER downloads & TDSSKILLER.exe if still presentTFC you may keep and use from time to time to delete temporary files.ERUNT you may keep, and use periodically to backup the system registry. You still should use a full backup program and or a system imaging program for backup.Advice on staying safer Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.Check in at Microsoft Update and install any High PriorityUpdates offered.Make certain that Microsoft Windows Automatic Updates is enabled.Check on other update issues as well, visit Secunia Online Software Inspector (OSI)See How to detect vulnerable and out-dated programs using Secunia Personal Software InspectorDownload, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm That would help to keep your browser away from known spyware/malware sites. Make regular backups of your system to removable media: DVD, USB external hard drive, etc.On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:Kaspersky Webscan Online Virus Scanner ESET Online ScannerPanda ActiveScan Trend Micro HousecallF-Secure Online Scanner Read Tony Klein's article How Did I Get Infected In The First PlaceMS Online Safety & Privacy Education Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !We are finished here. Best regards. Link to post Share on other sites More sharing options...
Staff screen317 Posted September 28, 2010 Staff ID:319628 Share Posted September 28, 2010 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts