dhrock Posted November 27, 2010 ID:351912

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4376
Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18928

11/27/2010 2:40:46 PM
mbam-log-2010-11-27 (14-40-46).txt

Scan type: Quick scan
Objects scanned: 154106
Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

DDS (Ver_10-11-27.01) - NTFSx86 MINIMAL
Run by standrews at 14:12:46.90 on Sat 11/27/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_16
Microsoft

Attach.zip
ark.zip

LDTate Posted November 28, 2010 ID:352027

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:
1. These tools MUST be run from the executable (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.
Download - ATF Cleaner

dhrock Posted November 29, 2010 Author ID:352613

Sorry for the slow response, I have some out of town guests staying at my house. My computer will blue screen if I start it in regular mode so I have to use safe mode. I cannot open any programs (like chrome or itunes) but when I do try and open them I get a windows security essential popup warning me I have a trojan horse (I have not clicked on any buttons on this program just ended it with task manager). That's all I can really think of but if you have more specific questions I will try my best to answer them (I'm not much of a computer person). Thanks

2010/11/28 02:08:10.0504 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31
2010/11/28 02:08:10.0504 ================================================================================
2010/11/28 02:08:10.0504 SystemInfo:
2010/11/28 02:08:10.0504
2010/11/28 02:08:10.0504 OS Version: 6.0.6002 ServicePack: 2.0
2010/11/28 02:08:10.0504 Product type: Workstation
2010/11/28 02:08:10.0504 ComputerName: US-STU-CKERR
2010/11/28 02:08:10.0504 UserName: standrews
2010/11/28 02:08:10.0504 Windows directory: C:\Windows
2010/11/28 02:08:10.0504 System windows directory: C:\Windows
2010/11/28 02:08:10.0504 Processor architecture: Intel x86
2010/11/28 02:08:10.0504 Number of processors: 2
2010/11/28 02:08:10.0504 Page size: 0x1000
2010/11/28 02:08:10.0504 Boot type: Safe boot
2010/11/28 02:08:10.0504 ================================================================================
2010/11/28 02:08:10.0738 Initialize success
2010/11/28 02:08:15.0090 ================================================================================
2010/11/28 02:08:15.0090 Scan started
2010/11/28 02:08:15.0090 Mode: Manual;
2010/11/28 02:08:15.0090 ================================================================================
2010/11/28 02:08:27.0773 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/28 02:08:27.0835 ================================================================================
2010/11/28 02:08:27.0835 Scan finished
2010/11/28 02:08:27.0835 ================================================================================
2010/11/28 02:08:27.0851 Detected object count: 1
2010/11/28 02:08:45.0026 \HardDisk0 - will be cured after reboot
2010/11/28 02:08:45.0026 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/11/28 02:08:47.0242 Deinitialize success

LDTate Posted November 29, 2010 ID:352626

Download ComboFix from one of these locations:

Link 1
Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.
dhrock Posted November 29, 2010 Author ID:352643

I ran combofix; unfortunately, when the computer restarted it booted back in normal mode so it bluescreened, so I do not have the log.
LDTate Posted November 29, 2010 ID:352830

Search for combofix.txt
It should be in the root of C
C:\ComboFix.txt
Or look here:
C:\ComboFix\combofix.txt
dhrock Posted November 30, 2010 Author ID:353237

ComboFix 10-11-28.01 - standrews 11/29/2010 18:25:28.6.2 - x86 MINIMAL
Microsoft
dhrock Posted November 30, 2010 Author ID:353240

I'm doing all of this in safe mode in case it matters.
LDTate Posted November 30, 2010 ID:353639

"I'm doing all of this in safe mode in case it matters."

Try running it again.
dhrock Posted November 30, 2010 Author ID:353893

I have tried running multiple times and I get the same message every time.
LDTate Posted December 1, 2010 ID:354286

Run TDSSKiller again
dhrock Posted December 1, 2010 Author ID:354294

TDSSKiller found no threats
LDTate Posted December 1, 2010 ID:354298

Delete the combofix.exe you have now.

After the above.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop. If need be, download the tools needed to a flash drive or other USB device, and transfer them to the infected computer. Note: If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1
Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on the iexplore.exe ComboFix.exe & follow the prompts. Be sure to download any updates.

When finished, it will produce a report for you. Please post the C:\ComboFix.txt so we can continue cleaning the system.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs

Double click on ComboFix.exe & follow the prompts.

Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7. Note: If you have SP3, use the SP2 package.

If Vista or Windows 7, skip the Recovery Console part

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.
dhrock Posted December 1, 2010 Author ID:354641

ComboFix 10-11-30.09 - standrews 12/01/2010 16:24:59.6.2 - x86 MINIMAL
Microsoft
LDTate Posted December 1, 2010 ID:354645

I think you have a new infection:
c:\users\standrews\appdata\roaming\hotfix.exe

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:
c:\users\standrews\appdata\roaming\hotfix.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.
http://virusscan.jotti.org
http://www.kaspersky.com/scanforvirus.html
dhrock Posted December 1, 2010 Author ID:354664

I've gotten to roaming but I can't seem to find hotfix.
LDTate Posted December 1, 2010 ID:354668

It might be hidden

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.
Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
Click on the Control Panel menu option.
When the control panel opens you can either be in Classic View or Control Panel Home view:
  If you are in the Classic View do the following:
    Double-click on the Folder Options icon.
    Click on the View tab.
  If you are in the Control Panel Home view do the following:
    Click on the Appearance and Personalization link.
    Click on Show Hidden Files or Folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
dhrock Posted December 1, 2010 Author ID:354680

Still no luck.
LDTate Posted December 1, 2010 ID:354681

These are all bad if still there. Delete these files if listed
c:\windows\system32\config\systemprofile\appdata\local\lhnetjqms\lkrjfudtssd.exe
c:\users\standrews\appdata\roaming\hotfix.exe
c:\users\standrews\appdata\roaming\aswhj.bat
c:\windows\system32\dll.dll

Delete this folder if listed
c:\windows\system32\config\systemprofile\appdata\local\lhnetjqms

After the above, try rebooting in Normal Mode
dhrock Posted December 1, 2010 Author ID:354685

I was able to delete the folder, I couldn't find anything else, and when I rebooted windows in normal mode it still bluescreened. However, the bluescreen message was different than normal, but I couldn't read fast enough to see what it was; it was rather long.
LDTate Posted December 1, 2010 ID:354686

Try combofix again.

If that won't run do this:

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Under the Custom Scan box paste this in:

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:
OTL and Extras logs
dhrock Posted December 2, 2010 Author ID:354717

OTL logfile created on: 12/1/2010 6:15:36 PM - Run 1
OTL by OldTimer - Version 3.2.17.3
000,034,764 | ---- | M] () -- C:\Users\standrews\Documents\Connor Velocity 2.gmbl[2010/11/03 08:06:16 | 000,065,434 | ---- | M] () -- C:\Users\standrews\Documents\ingrid velocity.gmbl[2010/11/03 07:57:56 | 000,065,431 | ---- | M] () -- C:\Users\standrews\Documents\Sarah Velocity.gmbl[2010/11/03 07:49:27 | 000,065,456 | ---- | M] () -- C:\Users\standrews\Documents\Connor V Graph 1.gmbl[2 C:\Users\standrews\Documents\*.tmp files -> C:\Users\standrews\Documents\*.tmp -> ]========== Files Created - No Company Name ==========[2010/12/01 16:21:21 | 003,983,387 | R--- | C] () -- C:\Users\standrews\Desktop\ComboFix.exe[2010/12/01 16:06:48 | 003,983,387 | R--- | C] () -- C:\Users\standrews\Documents\iexplore.exe.exe[2010/11/28 19:39:41 | 003,981,348 | ---- | C] () -- C:\Users\standrews\Documents\ComboFix.exe[2010/11/28 14:24:19 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys[2010/11/27 14:13:22 | 000,630,272 | ---- | C] () -- C:\Users\standrews\Desktop\dds.scr[2010/11/27 14:09:39 | 000,000,000 | ---- | C] () -- C:\Users\standrews\defogger_reenable[2010/11/17 22:54:07 | 000,010,143 | ---- | C] () -- C:\Users\standrews\Documents\hamlet title.docx[2010/11/11 23:36:33 | 000,011,594 | ---- | C] () -- C:\Users\standrews\Documents\physicslabq.docx[2010/11/09 14:17:16 | 000,036,960 | ---- | C] () -- C:\Users\standrews\Documents\Connor Velocity Challenge.gmbl[2010/11/09 14:15:08 | 000,036,953 | ---- | C] () -- C:\Users\standrews\Documents\ingridvelocitychallenge.gmbl[2010/11/09 14:10:41 | 000,048,107 | ---- | C] () -- C:\Users\standrews\Documents\Connor Challenge.gmbl[2010/11/09 14:06:31 | 000,060,673 | ---- | C] () -- C:\Users\standrews\Documents\ingrid challenge.gmbl[2010/11/09 14:02:19 | 000,043,413 | ---- | C] () -- C:\Users\standrews\Documents\ingrid velocity match.gmbl[2010/11/06 00:11:27 | 000,010,002 | ---- | C] () -- C:\Users\standrews\Documents\shakespear.docx[2010/11/03 08:10:25 | 000,034,764 | ---- | C] () -- C:\Users\standrews\Documents\Connor Velocity 
2.gmbl[2010/11/03 08:06:15 | 000,065,434 | ---- | C] () -- C:\Users\standrews\Documents\ingrid velocity.gmbl[2010/11/03 07:57:56 | 000,065,431 | ---- | C] () -- C:\Users\standrews\Documents\Sarah Velocity.gmbl[2010/11/03 07:44:05 | 000,065,456 | ---- | C] () -- C:\Users\standrews\Documents\Connor V Graph 1.gmbl[2010/09/17 13:19:31 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini[2010/02/05 08:37:21 | 000,001,356 | ---- | C] () -- C:\Users\standrews\AppData\Local\d3d9caps.dat[2009/10/11 21:00:53 | 000,005,632 | ---- | C] () -- C:\Users\standrews\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2009/08/30 12:11:06 | 000,000,809 | ---- | C] () -- C:\ProgramData\hpzinstall.log[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll[2009/07/01 11:12:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll[2009/07/01 10:18:34 | 000,000,000 | ---- | C] () -- C:\Users\standrews\AppData\Local\WavXMapDrive.bat[2009/06/22 10:31:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TransCom.dll[2009/06/22 09:40:01 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol[2009/06/22 09:34:30 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI[2009/06/02 04:11:59 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll[2009/06/02 04:11:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll[2009/06/02 04:11:43 | 001,164,288 | ---- | C] () -- C:\Windows\System32\taboem.dll[2009/06/02 01:45:58 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll[2009/06/02 01:35:39 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll[2009/06/02 01:35:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll[2009/06/02 01:26:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll[2009/03/01 17:01:02 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll[2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll[2008/12/19 17:59:18 | 
000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll[2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll[2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll[2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll[2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll[2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll[2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll[2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll[2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll[2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll[2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll[2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll[2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll[2008/12/19 
17:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll[2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll[2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll[2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll[2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll[2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll[2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll[2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll[2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll[2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll[2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll[2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll[2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll[2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll[2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll[2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll[2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll[2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll[2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll[2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll[2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- 
C:\Windows\System32\AmRes_cs.dll[2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll[2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll[2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll[2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll[2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll[2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll[2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll[2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll[2007/04/19 04:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll[2007/04/19 04:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll========== LOP Check ==========[2010/02/25 07:17:40 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\.anki[2010/10/04 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\.minecraft[2009/07/01 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Broadcom[2010/09/18 03:54:32 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Image Zone Express[2009/09/22 04:31:28 | 000,000,000 | ---D | M] -- 
C:\Users\standrews\AppData\Roaming\Motic[2010/09/18 03:54:31 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Printer Info Cache[2010/07/02 17:14:04 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Unity[2009/07/01 10:18:49 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Wave Systems Corp[2010/11/27 13:28:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT[2010/11/29 21:56:00 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EBA44960-FDAF-431F-A09C-35281B1FD385}.job========== Purity Check ==================== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat[2010/12/01 17:26:40 | 000,005,856 | ---- | M] () -- C:\bootex.log[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys[2009/06/02 04:12:14 | 000,003,396 | RH-- | M] () -- C:\dell.sdr[2010/11/28 02:00:40 | 3484,610,560 | -HS- | M] () -- C:\pagefile.sys[2010/12/01 07:14:49 | 000,058,926 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_01.12.2010_07.14.17_log.txt[2010/12/01 07:15:07 | 000,058,926 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_01.12.2010_07.14.52_log.txt[2010/11/28 02:08:47 | 000,060,198 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_02.08.10_log.txt[2010/11/28 14:29:36 | 000,059,632 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_14.28.57_log.txt< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >[2008/01/20 20:23:39 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL[2006/11/02 06:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll< %systemroot%\system32\*.wt >< %systemroot%\system32\*.ruy >< %systemroot%\Fonts\*.com >[2006/11/02 06:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont[2006/11/02 06:37:19 | 000,026,489 | ---- | M] () 
-- C:\Windows\Fonts\GlobalSansSerif.CompositeFont[2006/11/02 06:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont[2009/07/01 12:14:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >< %systemroot%\*. /mp /s >< %systemroot%\system32\*.dll /lockedfiles >< %systemroot%\Tasks\*.job /lockedfiles >< %systemroot%\System32\config\*.sav >[2008/01/20 21:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV[2008/01/20 21:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV[2008/01/20 21:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV< %systemroot%\Fonts\*.dll >< %systemroot%\Fonts\*.ini >[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini< %systemroot%\Fonts\*.ini2 >< %systemroot%\system32\user32.dll /md5 >[2009/04/11 00:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll< %systemroot%\system32\ws2_32.dll /md5 >[2008/01/20 20:25:16 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll< %systemroot%\system32\ws2help.dll /md5 >[2006/11/02 03:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 08:12:51========== Files - Unicode (All) 
==========[2010/09/08 17:19:12 | 000,010,242 | ---- | M] ()(C:\Users\standrews\Documents\??????.docx) -- C:\Users\standrews\Documents\??????.docx[2010/09/08 17:19:07 | 000,010,242 | ---- | C] ()(C:\Users\standrews\Documents\??????.docx) -- C:\Users\standrews\Documents\??????.docx< End of report >TL Extras logfile created on: 12/1/2010 6:15:36 PM - Run 1OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\standrews\DesktopWindows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstationInternet Explorer (Version = 8.0.6001.18928)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program FilesDrive C: | 72.31 Gb Total Space | 24.21 Gb Free Space | 33.48% Space Free | Partition Type: NTFSDrive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 53.17% Space Free | Partition Type: NTFSDrive F: | 491.34 Mb Total Space | 479.14 Mb Free Space | 97.52% Space Free | Partition Type: FATComputer Name: US-STU-CKERR | User Name: standrews | Logged in as Administrator.Boot Mode: SafeMode | Scan Mode: Current user | Quick ScanCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found========== Shell Spawning ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)scrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0"VistaSp1" = Reg Error: Unknown registry data type -- File not found"VistaSp2" = Reg Error: Unknown registry data type -- File not found[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2256250747-113075341-1845388055-1000]"EnableNotifications" = 0"EnableNotificationsRef" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2256250747-113075341-1845388055-1001]"EnableNotifications" = 0"EnableNotificationsRef" = 1========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 0"DisableNotifications" = 0========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0F6A3EAB-C414-43E0-AB17-C68835968287}" = rport=139 | protocol=6 | dir=out | app=system | "{19BE074C-823F-4AB9-B5E9-C5935099D82F}" = lport=445 | protocol=6 | dir=in | app=system | "{1FE1E0BF-03A2-47E4-8D0D-79D6C0036E7B}" = rport=138 | protocol=17 | dir=out | app=system | "{211FC418-0BA3-4667-85F3-8CA4C665C863}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4A40EC5F-8CC6-4165-B276-2D44A610D9EB}" = lport=137 | protocol=17 | dir=in | app=system | "{60F599C7-AA67-4D4C-81A1-DE84CA5663C0}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6BEB5396-4AC9-4ABC-90B0-308E2A3E437D}" = lport=138 | protocol=17 | dir=in | app=system | "{932C28EC-4B86-4DBC-A6A7-38CF7FC8411C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C4E3BF1B-9AB0-4C6D-BFF4-CD5C97DF55C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{C57E4DC0-7F7B-4FC9-A3E1-6A993731557C}" = lport=139 | protocol=6 | dir=in | app=system | "{DD0CED93-8EB2-4230-9037-FDC594E5A02B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{E14B8EC1-B0AD-4B5F-B0B4-37B85F11A8AF}" = lport=2869 | protocol=6 | dir=in | app=system | "{ED6899F8-706F-4E98-AB01-EA7CC56721A1}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0C1414F6-52FF-41FC-9AC8-C33A3011CAAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1663F2A9-F94B-470F-A50A-A8827DBD552F}" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe | "{334988A3-EE18-4A5C-82F3-013ACAC0C6E5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{390EF003-FCAA-40C1-9E9A-A1E2A7838854}" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\studentconfig.exe | "{4105C829-B05A-4408-B480-8D44C30B0BA8}" = protocol=17 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe | "{4F3471EF-A39C-46F7-87D3-6995B40B3E66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{58DCE78B-8EA5-40A6-B8A8-FE529B77D1C5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{650A487D-8168-4363-85CF-1F8D1693A43A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{854BFDFD-8A51-46BF-A345-9B5308E68848}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{85C8AAE0-C899-4E23-9F23-E70E8C4BED3D}" = protocol=17 | dir=in 
| app=c:\program files\synchroneyes student 7.0\studentconfig.exe | "{8C51E915-51E7-4A12-8D5D-51B831EE98D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{97C153E8-C62B-43C7-84FE-C0EED2388002}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9944B639-A8B1-4ABD-98E1-0C81BC8336BA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{9A93DF25-DC4E-406C-A6C4-D8F6190E9655}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{9D042882-1DC9-4537-AFF5-EFEF79ACAF15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9DD595A6-0C99-4F51-9B65-4FA3A5778A7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A35846DE-8BDA-4BB1-8CC7-4C00CF85CA5C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{A8C9703C-88B6-42D4-BE2C-F310FCFE984C}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe | "{B86778CB-CD65-4FDF-A011-7A4119E683B2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{CAC085C2-FDF7-468B-8B0F-8AD6AC5ECCEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DA7FDF95-DA78-42AE-9DEA-68B01B48D99F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | "{ED8A62F5-1FAD-4854-8A88-E1CF69D9FD2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EF41FFD7-B7A0-44C5-8AC2-CFEB76EAE813}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | "{F5F853B5-4EF8-4D61-A8F3-C3FD46A1CB28}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe | "{F7887529-3E8C-455F-8486-6364B17D9685}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe | "TCP Query User{8E582F8C-9CDE-43B6-9D04-FD28ED91BBB5}C:\program files\synchroneyes student 7.0\dax64.exe" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe | "UDP Query User{F418DCD7-FD24-4B69-B913-12A8AE425018}C:\program files\synchroneyes student 7.0\dax64.exe" = protocol=17 | dir=in | app=c:\program 
files\synchroneyes student 7.0\dax64.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call"{06960020-59A4-11D5-9721-00B0D03F1A43}" = Motic Images Plus 2.0"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb"{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer"{32603779-1B20-4342-8FE6-F8431D502811}" = SynchronEyes Student 7.0"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager"{41573DB1-9DAA-43C7-BCBC-49696A648079}" = Dell ControlPoint Connection Manager"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = 
DocProc"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update"{4BBB7E33-4B07-4B8E-8A43-2BE0C4582ADC}" = Logger Pro 3.3"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass Link to post Share on other sites More sharing options...
LDTate Posted December 2, 2010 ID:354725

OTL Fix

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL
O20 - Winlogon\Notify\cryptnet32.dll
:Commands
[EmptyFlash]
[EmptyTemp]
[RESETHOSTS]
[purity]
[start explorer]
[Reboot]

Then click the Run Fix button at the top

Let the program run unhindered, it will reboot when it is done and produce a log
dhrock Posted December 2, 2010 Author ID:354729

My computer bluescreened again on reboot but here is the log I found under _OTL

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ deleted successfully.
File ogon\Notify\cryptnet32.dll not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: rem
User: rmabry
->Flash cache emptied: 0 bytes
User: standrews
->Flash cache emptied: 170929 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: rem
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
User: rmabry
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: standrews
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 4501756 bytes
->Java cache emptied: 4636432 bytes
->FireFox cache emptied: 49509062 bytes
->Google Chrome cache emptied: 594288 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9953079 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 26986 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 66.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.17.3 log created on 12012010_183758
LDTate Posted December 2, 2010 ID:354731

So still only Safe Mode will work?