
Infected


dhrock


Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4376

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18928

11/27/2010 2:40:46 PM

mbam-log-2010-11-27 (14-40-46).txt

Scan type: Quick scan

Objects scanned: 154106

Time elapsed: 2 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS (Ver_10-11-27.01) - NTFSx86 MINIMAL

Run by standrews at 14:12:46.90 on Sat 11/27/2010

Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_16

Microsoft

Attach.zip

ark.zip



;)

Please don't attach the scan results, use Copy/Paste

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With admin rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Sorry for the slow response, I have some out-of-town guests staying at my house. My computer will blue screen if I start it in regular mode, so I have to use safe mode. I cannot open any programs (like Chrome or iTunes), but when I do try and open them I get a Windows Security Essentials popup warning me I have a trojan horse (I have not clicked on any buttons on this program, just ended it with Task Manager). That's all I can really think of, but if you have more specific questions I will try my best to answer them (I'm not much of a computer person). Thanks

2010/11/28 02:08:10.0504 TDSS rootkit removing tool 2.4.9.0 Nov 26 2010 15:38:31

2010/11/28 02:08:10.0504 ================================================================================

2010/11/28 02:08:10.0504 SystemInfo:

2010/11/28 02:08:10.0504

2010/11/28 02:08:10.0504 OS Version: 6.0.6002 ServicePack: 2.0

2010/11/28 02:08:10.0504 Product type: Workstation

2010/11/28 02:08:10.0504 ComputerName: US-STU-CKERR

2010/11/28 02:08:10.0504 UserName: standrews

2010/11/28 02:08:10.0504 Windows directory: C:\Windows

2010/11/28 02:08:10.0504 System windows directory: C:\Windows

2010/11/28 02:08:10.0504 Processor architecture: Intel x86

2010/11/28 02:08:10.0504 Number of processors: 2

2010/11/28 02:08:10.0504 Page size: 0x1000

2010/11/28 02:08:10.0504 Boot type: Safe boot

2010/11/28 02:08:10.0504 ================================================================================

2010/11/28 02:08:10.0738 Initialize success

2010/11/28 02:08:15.0090 ================================================================================

2010/11/28 02:08:15.0090 Scan started

2010/11/28 02:08:15.0090 Mode: Manual;

2010/11/28 02:08:15.0090 ================================================================================

2010/11/28 02:08:27.0773 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2010/11/28 02:08:27.0835 ================================================================================

2010/11/28 02:08:27.0835 Scan finished

2010/11/28 02:08:27.0835 ================================================================================

2010/11/28 02:08:27.0851 Detected object count: 1

2010/11/28 02:08:45.0026 \HardDisk0 - will be cured after reboot

2010/11/28 02:08:45.0026 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

2010/11/28 02:08:47.0242 Deinitialize success

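A small triage parser for the TDSSKiller log format posted above, added here as an example; it is not part of the thread or of Kaspersky's tool. It assumes the line shapes seen in this 2.4.9.0 log and runs over a constructed sample that copies a few of the posted lines plus one made-up driver entry (`FakeFilt`) outside system32.

```python
import re
from dataclasses import dataclass, field

# Line shapes taken from the TDSSKiller 2.4.9.0 log above (assumed stable across
# 2.4.x; any other line is treated as informational chatter and skipped):
#   <ts> <service> (<md5>) <image path>          one enumerated kernel driver
#   <ts> <object> - detected <verdict> (<n>)      a detection
#   <ts> Detected object count: <n>               the tool's own tally
#   <ts> <verdict>(<object>) - User select action: <action>
TS = r"\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}"
DRIVER_RE = re.compile(rf"^{TS} (\S+) \(([0-9a-f]{{32}})\) (.+)$")
DETECT_RE = re.compile(rf"^{TS} (\S+) - detected (\S+) \((\d+)\)$")
COUNT_RE = re.compile(rf"^{TS} Detected object count: (\d+)$")
ACTION_RE = re.compile(rf"^{TS} ([^()\s]+)\(([^()\s]+)\) - User select action: (\S+)$")

# Every driver image in the posted log lives under this directory; an image
# loading from anywhere else deserves a second look, not an automatic verdict.
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)     # service -> (md5, path)
    detections: list = field(default_factory=list)  # (object, verdict)
    actions: dict = field(default_factory=dict)     # object -> action chosen
    reported_count: int = -1                        # -1 if the tally line is absent


def parse_tdsskiller(text: str) -> Triage:
    """Reduce a TDSSKiller log to the few facts a helper actually acts on."""
    t = Triage()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := DETECT_RE.match(line):
            t.detections.append((m.group(1), m.group(2)))
        elif m := ACTION_RE.match(line):
            t.actions[m.group(2)] = m.group(3)
        elif m := COUNT_RE.match(line):
            t.reported_count = int(m.group(1))
        elif m := DRIVER_RE.match(line):
            t.drivers[m.group(1)] = (m.group(2), m.group(3))
    return t


def drivers_outside_system32(t: Triage) -> list:
    """Service names whose image path is not under \\Windows\\system32."""
    return sorted(svc for svc, (_, path) in t.drivers.items()
                  if not SYSTEM32.match(path))


def unresolved_detections(t: Triage) -> list:
    """Detected objects for which no 'Cure' action was recorded."""
    return [obj for obj, _ in t.detections if t.actions.get(obj) != "Cure"]


def count_consistent(t: Triage) -> bool:
    """True when the tool's own tally matches the detection lines parsed."""
    return t.reported_count == len(t.detections)


# Constructed sample: three driver lines and the detection block copied from the
# log above, plus one made-up driver ("FakeFilt", all-zero hash) outside system32.
SAMPLE_LOG = r"""
2010/11/28 02:08:15.0090 Scan started
2010/11/28 02:08:15.0745 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2010/11/28 02:08:18.0101 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2010/11/28 02:08:25.0667 Tcpip (48cbe6d53632d0067c2d6b20f90d84ca) C:\Windows\system32\drivers\tcpip.sys
2010/11/28 02:08:25.0700 FakeFilt (00000000000000000000000000000000) C:\Windows\Temp\fakefilt.sys
2010/11/28 02:08:27.0773 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/11/28 02:08:27.0835 Scan finished
2010/11/28 02:08:27.0851 Detected object count: 1
2010/11/28 02:08:45.0026 \HardDisk0 - will be cured after reboot
2010/11/28 02:08:45.0026 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
"""

if __name__ == "__main__":
    triage = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(triage.drivers)} drivers enumerated")
    print("detections:", triage.detections)
    print("unresolved:", unresolved_detections(triage))
    print("outside system32:", drivers_outside_system32(triage))
    print("tally consistent:", count_consistent(triage))
```

On the full log above this reports the single \HardDisk0 detection as cured, the tally as consistent, and no drivers loading from outside system32; the MD5s are also what you would paste into a hash lookup when a driver name looks unfamiliar.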

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Delete the combofix.exe you have now.

After the above.

Download Combofix from any of the links below but rename it to iexplore.exe before saving it to your desktop.

If need be, Download the tools needed to a flash drive or other USB device, and transfer them to the infected computer.

Note:

If combofix (iexplore.exe) won't run from the desktop, try running it from the USB device.

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save iexplore.exe to your Desktop

Double click on iexplore.exe (the renamed ComboFix.exe) & follow the prompts.

Be sure to download any updates.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.



I think you have a new infection:

c:\users\standrews\appdata\roaming\hotfix.exe

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\users\standrews\appdata\roaming\hotfix.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky.com/scanforvirus.html


It might be hidden

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.


These are all bad if still there.

Delete these files if listed

c:\windows\system32\config\systemprofile\appdata\local\lhnetjqms\lkrjfudtssd.exe

c:\users\standrews\appdata\roaming\hotfix.exe

c:\users\standrews\appdata\roaming\aswhj.bat

c:\windows\system32\dll.dll

Delete this folder if listed

c:\windows\system32\config\systemprofile\appdata\local\lhnetjqms

After the above, try rebooting in Normal Mode

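The three helper posts above ask for the same things in turn: find the named files even when Explorer hides them, get them identified (VirusTotal), and then delete them. As an added example, not code from this thread or from any tool mentioned in it, the Python script below does that triage in one pass. The paths in CANDIDATES are the ones listed above and are used only as input; nothing is assumed to exist on the machine running the script. The hidden/system attribute check reads st_file_attributes, which only exists on Windows (it reports as 0 elsewhere), and the hashes are recorded before anything is removed so the sample can be looked up on VirusTotal by hash without uploading it.

```python
"""Triage the files a helper names before they are uploaded or deleted.

Added example for this thread, not part of any tool mentioned in it. Explorer
hides files carrying the hidden/system attributes until "Show hidden files"
and "Hide protected operating system files" are changed; os.lstat() has no
such filter, so a file that "couldn't be found" is still reported here with
its attributes, size, modification time and MD5/SHA-256. CANDIDATES lists the
paths named in the thread; they are input only and are not assumed to exist.
"""
from __future__ import annotations

import hashlib
import os
import stat
import sys
from dataclasses import dataclass
from datetime import datetime, timezone
from pathlib import Path
from typing import Iterable

# Win32 file attribute bits (winnt.h); os.stat_result.st_file_attributes is Windows-only.
FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04

CANDIDATES = [
    r"c:\windows\system32\config\systemprofile\appdata\local\lhnetjqms\lkrjfudtssd.exe",
    r"c:\users\standrews\appdata\roaming\hotfix.exe",
    r"c:\users\standrews\appdata\roaming\aswhj.bat",
    r"c:\windows\system32\dll.dll",
]


@dataclass
class FileReport:
    path: str
    exists: bool
    hidden: bool = False
    system: bool = False
    size: int = 0
    mtime_utc: str = ""
    md5: str = ""
    sha256: str = ""


def hash_file(path: Path) -> tuple[str, str]:
    """Return (md5, sha256) hex digests, streaming so large files are fine."""
    md5, sha = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha.update(chunk)
    return md5.hexdigest(), sha.hexdigest()


def inspect(path_str: str) -> FileReport:
    """Report on one path; hidden/system attributes do not stop it being seen."""
    p = Path(path_str)
    try:
        st = p.lstat()  # lstat: a junction/symlink planted here is reported, not followed
    except FileNotFoundError:
        return FileReport(path=path_str, exists=False)
    attrs = getattr(st, "st_file_attributes", 0)  # 0 on non-Windows platforms
    rep = FileReport(
        path=path_str, exists=True,
        hidden=bool(attrs & FILE_ATTRIBUTE_HIDDEN),
        system=bool(attrs & FILE_ATTRIBUTE_SYSTEM),
        size=st.st_size,
        mtime_utc=datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
    )
    if stat.S_ISREG(st.st_mode):  # only regular files are hashed; dirs/links are not
        rep.md5, rep.sha256 = hash_file(p)
    return rep


def triage(paths: Iterable[str]) -> list[FileReport]:
    return [inspect(p) for p in paths]


def remove_files(reports: Iterable[FileReport], dry_run: bool = True) -> list[str]:
    """Delete the regular files that exist; with dry_run only list what would go.
    Call this after the hashes have been recorded, never before."""
    removed = []
    for r in reports:
        if not r.exists or not r.sha256:
            continue  # missing, or not a regular file (directory/link): skip it
        if not dry_run:
            p = Path(r.path)
            os.chmod(p, stat.S_IWRITE)  # clear a read-only attribute that would block unlink
            p.unlink()
        removed.append(r.path)
    return removed


if __name__ == "__main__":
    targets = sys.argv[1:] or CANDIDATES
    for r in triage(targets):
        if not r.exists:
            print(f"MISSING  {r.path}")
            continue
        flags = ("H" if r.hidden else "-") + ("S" if r.system else "-")
        print(f"{flags} {r.size:>10} {r.mtime_utc} {r.sha256 or '(not a regular file)'}  {r.path}")
```

Run it as an administrator on the infected machine with no arguments to check the four paths, or pass other paths on the command line; search VirusTotal for each SHA-256 before uploading, and only call remove_files(..., dry_run=False) once the report has been saved. The folder the thread says to delete is left to Explorer: remove_files deliberately skips directories.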

I was able to delete the folder, I couldn't find anything else, and when I rebooted Windows in normal mode it still bluescreened. However, the bluescreen message was different than normal, but I couldn't read it fast enough to see what it was; it was rather long.


Try combofix again.

If that won't run do this:

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

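OTL's log lists each load point (services, drivers, Run keys, BHOs, Winlogon and LSA packages, policies) together with the file it resolves to and, in parentheses, the company name from that file's version information; it prints "()" when the file carries none and "File not found" when the registered target is gone. As an added example, not part of OTL or of this thread, the script below runs a first-pass triage over such lines: it flags policy values that weaken the machine, load points malware favours whose target is missing or whose publisher field is not Microsoft Corporation, autostarts with no publisher at all, and plain orphaned entries. The sample lines are copied from the OTL log posted in this thread; the severity labels, the list of sensitive load points and the benign allowlist are this example's own choices, not OTL's.

```python
"""First-pass triage of OTL log lines.

Added example, not part of OTL or of this thread. Each OTL entry ends with the
publisher from the file's version information in parentheses, "()" when the
file has none, or "File not found" when the registered target is missing.
The rules below are this example's own: a reading aid for the log, not a
verdict on the machine.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Load points that legitimate software rarely uses and malware commonly does;
# the "O" codes are OTL's section numbers as printed in its log.
SENSITIVE_PREFIXES = (
    "O20 - Winlogon\\Notify",        # Winlogon notification packages
    "O20 - AppInit_DLLs",            # loaded into every process that links user32
    "O28 - HKLM ShellExecuteHooks",  # runs before anything launched via the shell
    "O30 - LSA",                     # LSA authentication/notification packages
    "O10 - NameSpace_Catalog5",      # Winsock namespace providers
)
# Entries OTL prints with "File not found" on Vista that are normal (allowlist).
KNOWN_BENIGN = ("O34 - HKLM BootExecute: (autocheck autochk *)",)

PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")
POLICY_RE = re.compile(r"^O[67] - .*?:\s*(\w+)\s*=\s*(-?\d+)\s*$")


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    reason: str
    line: str


def publisher(line: str) -> str | None:
    """Company name from the trailing parentheses, "" for "()", None if absent."""
    m = PUBLISHER_RE.search(line)
    return m.group(1) if m else None


def classify(line: str) -> Finding | None:
    line = line.strip()
    if not line or line.startswith(KNOWN_BENIGN):
        return None
    pm = POLICY_RE.match(line)
    if pm:  # O6/O7 policy values: only UAC being off is flagged here
        name, value = pm.group(1), int(pm.group(2))
        if name == "EnableLUA" and value == 0:
            return Finding("high", "UAC disabled by policy", line)
        return None
    missing = "File not found" in line
    if line.startswith(SENSITIVE_PREFIXES):
        if missing:
            return Finding("medium", "sensitive load point, target missing (leftover to clean)", line)
        pub = publisher(line)
        if pub != "Microsoft Corporation":
            return Finding("medium", f"sensitive load point, publisher: {pub or 'none'}", line)
        return None
    if missing:
        return Finding("info", "orphaned entry, target missing", line)
    if line.startswith(("O4 ", "SRV ", "DRV ")) and publisher(line) == "":
        return Finding("medium", "autostart/service with no publisher in version info", line)
    return None


def triage_otl(text: str) -> list[Finding]:
    return [f for f in (classify(l) for l in text.splitlines()) if f is not None]


def severity_counts(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE_OTL = r"""
SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe File not found
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

if __name__ == "__main__":
    results = triage_otl(SAMPLE_OTL)
    order = ("high", "medium", "info")
    for f in sorted(results, key=lambda x: order.index(x.severity)):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print(severity_counts(results))
```

Two caveats for anyone using this on a real log. The company name OTL prints comes from the file's version resource, which any dropper can set to "Microsoft Corporation"; a medium finding that turns out to be a vendor component (the Wave, Intel and Apple entries in this machine's log) is cleared by verifying the file's Authenticode signature, not by the name alone. And an orphaned entry is not harmless by default: a dangling Winlogon Notify or AppInit_DLLs value will load whatever is later written to that path, which is why helpers remove the registry value as well as the file.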

OTL logfile created on: 12/1/2010 6:15:36 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\standrews\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 72.31 Gb Total Space | 24.21 Gb Free Space | 33.48% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 53.17% Space Free | Partition Type: NTFS

Drive F: | 491.34 Mb Total Space | 479.14 Mb Free Space | 97.52% Space Free | Partition Type: FAT

Computer Name: US-STU-CKERR | User Name: standrews | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\standrews\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\standrews\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avg8wd) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\stacsv.exe (IDT, Inc.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_38163857\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (SMManager) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe (Smith Micro Software, Inc.)

SRV - (dcpsysmgrsvc) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe (Dell Inc.)

SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

SRV - (TdmService) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe (Wave Systems Corp.)

SRV - (buttonsvc32) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe (Dell Inc.)

SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)

SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()

SRV - (alssvc) -- C:\Program Files\Dell\Ambient Light Sensor\AlsSvc.exe (Dell Inc.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (ASFAgent) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (NvtSp50) -- C:\Windows\System32\Drivers\NvtSp50.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\STANDR~1\AppData\Local\Temp\catchme.sys File not found

DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys File not found

DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys File not found

DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys File not found

DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)

DRV - (WavxDMgr) -- C:\Windows\System32\drivers\WavxDMgr.sys (Wave Systems Corp.)

DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)

DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)

DRV - (HBtnKey) -- C:\Windows\system32\drivers\hbtnkey.sys (Dell Inc.)

DRV - (HECI) Intel® -- C:\Windows\system32\drivers\heci.sys (Intel Corporation)

DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (WinDriver6) -- C:\Windows\System32\drivers\windrvr6.sys (Jungo)

DRV - (rismxdp) -- C:\Windows\system32\drivers\rixdptsk.sys (REDC)

DRV - (rimsptsk) -- C:\Windows\system32\drivers\rimsptsk.sys (REDC)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)

DRV - (NAL) -- C:\Windows\System32\drivers\iqvw32.sys (Intel Corporation )

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (SynnetdrvMP) -- C:\Windows\System32\drivers\Synnetdrv.sys (Windows ® Codename Longhorn DDK provider)

DRV - (Synnetdrv) -- C:\Windows\System32\drivers\Synnetdrv.sys (Windows ® Codename Longhorn DDK provider)

DRV - (AsfAlrt) -- C:\Windows\System32\drivers\Asfalrt.sys (Intel Corporation)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sasaustin.org/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.startup.homepage: "www.facebook.com"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/28 06:50:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/28 06:50:27 | 000,000,000 | ---D | M]

[2009/08/30 11:46:59 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\mozilla\Extensions

[2010/11/17 11:46:27 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\mozilla\Firefox\Profiles\rtpktg8y.default\extensions

[2009/09/01 12:25:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\standrews\AppData\Roaming\mozilla\Firefox\Profiles\rtpktg8y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/27 20:06:16 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\standrews\AppData\Roaming\mozilla\Firefox\Profiles\rtpktg8y.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2010/11/17 11:46:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/11/29 21:51:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)

O2 - BHO: (CWebBrowserClass Object) - {B0A26676-4185-479F-B7B1-B3968B956468} - C:\Program Files\SynchronEyes Student 7.0\SEyesIEBlock.dll (SMART Technologies Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe File not found

O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)

O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)

O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [secureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [synchronEyes 7.0 Help Service] C:\Program Files\SynchronEyes Student 7.0\SynchronEyesClient.exe (SMART Technologies Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [uSCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)

O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AutoRun = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - File not found

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT

Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/03/31 20:28:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information

[2010/12/01 18:14:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\standrews\Desktop\OTL.exe

[2010/12/01 17:40:46 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2010/12/01 17:31:49 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/12/01 17:31:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2010/12/01 17:26:07 | 000,000,000 | -HSD | C] -- C:\found.002

[2010/12/01 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\standrews\AppData\Local\Adobe

[2010/11/29 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\standrews\AppData\Local\temp

[2010/11/29 00:13:49 | 000,000,000 | ---D | C] -- C:\Users\standrews\AppData\Local\Apple Computer

[2010/11/28 02:06:53 | 000,000,000 | ---D | C] -- C:\Users\standrews\Desktop\GooredFix Backups

[2010/11/28 02:06:35 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\standrews\Desktop\GooredFix.exe

[2010/11/27 13:48:16 | 000,000,000 | -HSD | C] -- C:\found.001

[2010/11/26 15:40:16 | 001,342,552 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\standrews\Desktop\TDSSKiller.exe

[2 C:\Users\standrews\Documents\*.tmp files -> C:\Users\standrews\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/01 18:15:18 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/12/01 18:15:18 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/12/01 18:11:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\standrews\Desktop\OTL.exe

[2010/12/01 17:41:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/01 17:41:22 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys

[2010/12/01 17:18:56 | 000,000,000 | ---- | M] () -- C:\Users\standrews\AppData\Local\WavXMapDrive.bat

[2010/12/01 17:18:51 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/12/01 16:13:28 | 003,983,387 | R--- | M] () -- C:\Users\standrews\Desktop\ComboFix.exe

[2010/12/01 15:51:50 | 003,983,387 | R--- | M] () -- C:\Users\standrews\Documents\iexplore.exe.exe

[2010/11/29 23:01:54 | 000,001,356 | ---- | M] () -- C:\Users\standrews\AppData\Local\d3d9caps.dat

[2010/11/29 23:01:17 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/11/29 21:56:00 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EBA44960-FDAF-431F-A09C-35281B1FD385}.job

[2010/11/29 21:51:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/11/28 19:34:02 | 003,981,348 | ---- | M] () -- C:\Users\standrews\Documents\ComboFix.exe

[2010/11/28 02:00:29 | 133,653,503 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/28 01:50:40 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\standrews\Desktop\GooredFix.exe

[2010/11/27 14:09:39 | 000,000,000 | ---- | M] () -- C:\Users\standrews\defogger_reenable

[2010/11/27 14:06:56 | 000,630,272 | ---- | M] () -- C:\Users\standrews\Desktop\dds.scr

[2010/11/27 13:56:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/11/27 13:56:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/11/27 13:30:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2256250747-113075341-1845388055-1001UA.job

[2010/11/27 13:04:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/11/27 09:30:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2256250747-113075341-1845388055-1001Core.job

[2010/11/26 18:50:12 | 000,000,566 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for standrews.job

[2010/11/26 15:40:16 | 001,342,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\standrews\Desktop\TDSSKiller.exe

[2010/11/18 17:37:47 | 000,019,333 | ---- | M] () -- C:\Users\standrews\Documents\history 10 art.docx

[2010/11/17 22:54:09 | 000,010,143 | ---- | M] () -- C:\Users\standrews\Documents\hamlet title.docx

[2010/11/11 23:36:35 | 000,011,594 | ---- | M] () -- C:\Users\standrews\Documents\physicslabq.docx

[2010/11/09 14:17:17 | 000,036,960 | ---- | M] () -- C:\Users\standrews\Documents\Connor Velocity Challenge.gmbl

[2010/11/09 14:15:09 | 000,036,953 | ---- | M] () -- C:\Users\standrews\Documents\ingridvelocitychallenge.gmbl

[2010/11/09 14:10:42 | 000,048,107 | ---- | M] () -- C:\Users\standrews\Documents\Connor Challenge.gmbl

[2010/11/09 14:06:32 | 000,060,673 | ---- | M] () -- C:\Users\standrews\Documents\ingrid challenge.gmbl

[2010/11/09 14:02:20 | 000,043,413 | ---- | M] () -- C:\Users\standrews\Documents\ingrid velocity match.gmbl

[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe

[2010/11/06 00:11:29 | 000,010,002 | ---- | M] () -- C:\Users\standrews\Documents\shakespear.docx

[2010/11/05 10:49:13 | 000,002,064 | ---- | M] () -- C:\Users\standrews\Desktop\Google Chrome.lnk

[2010/11/05 10:49:13 | 000,002,026 | ---- | M] () -- C:\Users\standrews\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2010/11/03 08:10:26 | 000,034,764 | ---- | M] () -- C:\Users\standrews\Documents\Connor Velocity 2.gmbl

[2010/11/03 08:06:16 | 000,065,434 | ---- | M] () -- C:\Users\standrews\Documents\ingrid velocity.gmbl

[2010/11/03 07:57:56 | 000,065,431 | ---- | M] () -- C:\Users\standrews\Documents\Sarah Velocity.gmbl

[2010/11/03 07:49:27 | 000,065,456 | ---- | M] () -- C:\Users\standrews\Documents\Connor V Graph 1.gmbl

[2 C:\Users\standrews\Documents\*.tmp files -> C:\Users\standrews\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/01 16:21:21 | 003,983,387 | R--- | C] () -- C:\Users\standrews\Desktop\ComboFix.exe

[2010/12/01 16:06:48 | 003,983,387 | R--- | C] () -- C:\Users\standrews\Documents\iexplore.exe.exe

[2010/11/28 19:39:41 | 003,981,348 | ---- | C] () -- C:\Users\standrews\Documents\ComboFix.exe

[2010/11/28 14:24:19 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys

[2010/11/27 14:13:22 | 000,630,272 | ---- | C] () -- C:\Users\standrews\Desktop\dds.scr

[2010/11/27 14:09:39 | 000,000,000 | ---- | C] () -- C:\Users\standrews\defogger_reenable

[2010/11/17 22:54:07 | 000,010,143 | ---- | C] () -- C:\Users\standrews\Documents\hamlet title.docx

[2010/11/11 23:36:33 | 000,011,594 | ---- | C] () -- C:\Users\standrews\Documents\physicslabq.docx

[2010/11/09 14:17:16 | 000,036,960 | ---- | C] () -- C:\Users\standrews\Documents\Connor Velocity Challenge.gmbl

[2010/11/09 14:15:08 | 000,036,953 | ---- | C] () -- C:\Users\standrews\Documents\ingridvelocitychallenge.gmbl

[2010/11/09 14:10:41 | 000,048,107 | ---- | C] () -- C:\Users\standrews\Documents\Connor Challenge.gmbl

[2010/11/09 14:06:31 | 000,060,673 | ---- | C] () -- C:\Users\standrews\Documents\ingrid challenge.gmbl

[2010/11/09 14:02:19 | 000,043,413 | ---- | C] () -- C:\Users\standrews\Documents\ingrid velocity match.gmbl

[2010/11/06 00:11:27 | 000,010,002 | ---- | C] () -- C:\Users\standrews\Documents\shakespear.docx

[2010/11/03 08:10:25 | 000,034,764 | ---- | C] () -- C:\Users\standrews\Documents\Connor Velocity 2.gmbl

[2010/11/03 08:06:15 | 000,065,434 | ---- | C] () -- C:\Users\standrews\Documents\ingrid velocity.gmbl

[2010/11/03 07:57:56 | 000,065,431 | ---- | C] () -- C:\Users\standrews\Documents\Sarah Velocity.gmbl

[2010/11/03 07:44:05 | 000,065,456 | ---- | C] () -- C:\Users\standrews\Documents\Connor V Graph 1.gmbl

[2010/09/17 13:19:31 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2010/02/05 08:37:21 | 000,001,356 | ---- | C] () -- C:\Users\standrews\AppData\Local\d3d9caps.dat

[2009/10/11 21:00:53 | 000,005,632 | ---- | C] () -- C:\Users\standrews\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/08/30 12:11:06 | 000,000,809 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/01 11:12:56 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/01 10:18:34 | 000,000,000 | ---- | C] () -- C:\Users\standrews\AppData\Local\WavXMapDrive.bat

[2009/06/22 10:31:05 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TransCom.dll

[2009/06/22 09:40:01 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/06/22 09:34:30 | 000,002,528 | ---- | C] () -- C:\Windows\FCIC.INI

[2009/06/02 04:11:59 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2009/06/02 04:11:57 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2009/06/02 04:11:43 | 001,164,288 | ---- | C] () -- C:\Windows\System32\taboem.dll

[2009/06/02 01:45:58 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2009/06/02 01:35:39 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll

[2009/06/02 01:35:26 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

[2009/06/02 01:26:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll

[2009/03/01 17:01:02 | 000,143,360 | R--- | C] () -- C:\Windows\System32\preflib.dll

[2008/12/22 11:13:54 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll

[2008/12/19 17:59:18 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll

[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll

[2008/12/19 17:59:16 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll

[2008/12/19 17:59:14 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll

[2008/12/19 17:59:14 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll

[2008/12/19 17:59:12 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll

[2008/12/19 17:59:10 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll

[2008/12/19 17:59:10 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll

[2008/12/19 17:59:08 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll

[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll

[2008/12/19 17:59:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll

[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll

[2008/12/19 17:59:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll

[2008/12/19 17:59:02 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll

[2008/12/19 17:59:00 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll

[2008/12/19 17:59:00 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll

[2008/12/19 17:58:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll

[2008/12/19 17:58:56 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll

[2008/12/19 17:58:56 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll

[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll

[2008/12/19 17:58:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll

[2008/12/19 17:58:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll

[2008/12/19 17:58:50 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll

[2008/12/19 17:58:48 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll

[2008/12/11 14:51:36 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll

[2008/12/11 11:59:48 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll

[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll

[2008/12/11 11:59:46 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll

[2008/12/11 11:59:46 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll

[2008/12/11 11:59:44 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll

[2008/12/11 11:59:44 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll

[2008/12/11 11:59:42 | 000,565,248 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll

[2008/12/11 11:59:42 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll

[2008/12/11 11:59:40 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_da.dll

[2008/12/11 11:59:40 | 000,479,232 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll

[2008/12/11 11:59:40 | 000,475,136 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll

[2008/12/11 11:59:38 | 000,540,672 | ---- | C] () -- C:\Windows\System32\AmRes_nl.dll

[2008/12/11 11:59:38 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_no.dll

[2008/12/11 11:59:36 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_pl.dll

[2008/12/11 11:59:36 | 000,516,096 | ---- | C] () -- C:\Windows\System32\AmRes_sv.dll

[2008/12/11 11:59:36 | 000,512,000 | ---- | C] () -- C:\Windows\System32\AmRes_ar.dll

[2008/12/11 11:59:34 | 000,536,576 | ---- | C] () -- C:\Windows\System32\AmRes_el.dll

[2008/12/11 11:59:34 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_cs.dll

[2008/12/11 11:59:34 | 000,520,192 | ---- | C] () -- C:\Windows\System32\AmRes_fi.dll

[2008/12/11 11:59:34 | 000,503,808 | ---- | C] () -- C:\Windows\System32\AmRes_he.dll

[2008/12/11 11:59:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_pt-PT.dll

[2008/12/11 11:59:32 | 000,528,384 | ---- | C] () -- C:\Windows\System32\AmRes_hu.dll

[2008/12/11 11:59:30 | 000,532,480 | ---- | C] () -- C:\Windows\System32\AmRes_ro.dll

[2008/12/11 11:59:30 | 000,524,288 | ---- | C] () -- C:\Windows\System32\AmRes_tr.dll

[2008/12/11 11:56:30 | 000,544,768 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll

[2008/10/06 17:36:56 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll

[2008/03/25 08:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll

[2007/04/19 04:52:16 | 000,080,720 | ---- | C] () -- C:\Windows\System32\AsfBios.dll

[2007/04/19 04:28:10 | 000,025,424 | ---- | C] () -- C:\Windows\System32\drivers\netamsg.dll

[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/06/30 11:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll

[2006/06/30 11:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll

[2004/09/10 12:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll

[2004/09/10 12:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== LOP Check ==========

[2010/02/25 07:17:40 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\.anki

[2010/10/04 19:33:54 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\.minecraft

[2009/07/01 10:18:35 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Broadcom

[2010/09/18 03:54:32 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Image Zone Express

[2009/09/22 04:31:28 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Motic

[2010/09/18 03:54:31 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Printer Info Cache

[2010/07/02 17:14:04 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Unity

[2009/07/01 10:18:49 | 000,000,000 | ---D | M] -- C:\Users\standrews\AppData\Roaming\Wave Systems Corp

[2010/11/27 13:28:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/11/29 21:56:00 | 000,000,400 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EBA44960-FDAF-431F-A09C-35281B1FD385}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2006/09/18 15:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2010/12/01 17:26:40 | 000,005,856 | ---- | M] () -- C:\bootex.log

[2009/04/11 00:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr

[2006/09/18 15:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys

[2009/06/02 04:12:14 | 000,003,396 | RH-- | M] () -- C:\dell.sdr

[2010/11/28 02:00:40 | 3484,610,560 | -HS- | M] () -- C:\pagefile.sys

[2010/12/01 07:14:49 | 000,058,926 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_01.12.2010_07.14.17_log.txt

[2010/12/01 07:15:07 | 000,058,926 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_01.12.2010_07.14.52_log.txt

[2010/11/28 02:08:47 | 000,060,198 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_02.08.10_log.txt

[2010/11/28 14:29:36 | 000,059,632 | ---- | M] () -- C:\TDSSKiller.2.4.9.0_28.11.2010_14.28.57_log.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/01/20 20:23:39 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

[2006/11/02 06:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2006/11/02 06:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2006/11/02 06:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2006/11/02 06:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/01 12:14:11 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2008/01/20 21:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008/01/20 21:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008/01/20 21:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2006/09/18 15:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\user32.dll /md5 >

[2009/04/11 00:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/01/20 20:25:16 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >

[2006/11/02 03:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 08:12:51

========== Files - Unicode (All) ==========

[2010/09/08 17:19:12 | 000,010,242 | ---- | M] ()(C:\Users\standrews\Documents\??????.docx) -- C:\Users\standrews\Documents\??????.docx

[2010/09/08 17:19:07 | 000,010,242 | ---- | C] ()(C:\Users\standrews\Documents\??????.docx) -- C:\Users\standrews\Documents\??????.docx

< End of report >

OTL Extras logfile created on: 12/1/2010 6:15:36 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\standrews\Desktop

Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18928)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 92.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 72.31 Gb Total Space | 24.21 Gb Free Space | 33.48% Space Free | Partition Type: NTFS

Drive D: | 2.00 Gb Total Space | 1.06 Gb Free Space | 53.17% Space Free | Partition Type: NTFS

Drive F: | 491.34 Mb Total Space | 479.14 Mb Free Space | 97.52% Space Free | Partition Type: FAT

Computer Name: US-STU-CKERR | User Name: standrews | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2256250747-113075341-1845388055-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2256250747-113075341-1845388055-1001]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0F6A3EAB-C414-43E0-AB17-C68835968287}" = rport=139 | protocol=6 | dir=out | app=system |

"{19BE074C-823F-4AB9-B5E9-C5935099D82F}" = lport=445 | protocol=6 | dir=in | app=system |

"{1FE1E0BF-03A2-47E4-8D0D-79D6C0036E7B}" = rport=138 | protocol=17 | dir=out | app=system |

"{211FC418-0BA3-4667-85F3-8CA4C665C863}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{4A40EC5F-8CC6-4165-B276-2D44A610D9EB}" = lport=137 | protocol=17 | dir=in | app=system |

"{60F599C7-AA67-4D4C-81A1-DE84CA5663C0}" = rport=445 | protocol=6 | dir=out | app=system |

"{6BEB5396-4AC9-4ABC-90B0-308E2A3E437D}" = lport=138 | protocol=17 | dir=in | app=system |

"{932C28EC-4B86-4DBC-A6A7-38CF7FC8411C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{C4E3BF1B-9AB0-4C6D-BFF4-CD5C97DF55C7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C57E4DC0-7F7B-4FC9-A3E1-6A993731557C}" = lport=139 | protocol=6 | dir=in | app=system |

"{DD0CED93-8EB2-4230-9037-FDC594E5A02B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{E14B8EC1-B0AD-4B5F-B0B4-37B85F11A8AF}" = lport=2869 | protocol=6 | dir=in | app=system |

"{ED6899F8-706F-4E98-AB01-EA7CC56721A1}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0C1414F6-52FF-41FC-9AC8-C33A3011CAAB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{1663F2A9-F94B-470F-A50A-A8827DBD552F}" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe |

"{334988A3-EE18-4A5C-82F3-013ACAC0C6E5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{390EF003-FCAA-40C1-9E9A-A1E2A7838854}" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\studentconfig.exe |

"{4105C829-B05A-4408-B480-8D44C30B0BA8}" = protocol=17 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe |

"{4F3471EF-A39C-46F7-87D3-6995B40B3E66}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{58DCE78B-8EA5-40A6-B8A8-FE529B77D1C5}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{650A487D-8168-4363-85CF-1F8D1693A43A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{854BFDFD-8A51-46BF-A345-9B5308E68848}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{85C8AAE0-C899-4E23-9F23-E70E8C4BED3D}" = protocol=17 | dir=in | app=c:\program files\synchroneyes student 7.0\studentconfig.exe |

"{8C51E915-51E7-4A12-8D5D-51B831EE98D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{97C153E8-C62B-43C7-84FE-C0EED2388002}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{9944B639-A8B1-4ABD-98E1-0C81BC8336BA}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{9A93DF25-DC4E-406C-A6C4-D8F6190E9655}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{9D042882-1DC9-4537-AFF5-EFEF79ACAF15}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{9DD595A6-0C99-4F51-9B65-4FA3A5778A7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{A35846DE-8BDA-4BB1-8CC7-4C00CF85CA5C}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{A8C9703C-88B6-42D4-BE2C-F310FCFE984C}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{B86778CB-CD65-4FDF-A011-7A4119E683B2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{CAC085C2-FDF7-468B-8B0F-8AD6AC5ECCEC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{DA7FDF95-DA78-42AE-9DEA-68B01B48D99F}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |

"{ED8A62F5-1FAD-4854-8A88-E1CF69D9FD2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{EF41FFD7-B7A0-44C5-8AC2-CFEB76EAE813}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |

"{F5F853B5-4EF8-4D61-A8F3-C3FD46A1CB28}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |

"{F7887529-3E8C-455F-8486-6364B17D9685}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"TCP Query User{8E582F8C-9CDE-43B6-9D04-FD28ED91BBB5}C:\program files\synchroneyes student 7.0\dax64.exe" = protocol=6 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe |

"UDP Query User{F418DCD7-FD24-4B69-B913-12A8AE425018}C:\program files\synchroneyes student 7.0\dax64.exe" = protocol=17 | dir=in | app=c:\program files\synchroneyes student 7.0\dax64.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call

"{06960020-59A4-11D5-9721-00B0D03F1A43}" = Motic Images Plus 2.0

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager

"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan

"{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb

"{173497F1-F291-4AA7-943E-61CB9378771D}" = SO32MMWrapper

"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration

"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}" = Intel® Network Connections 13.0.42.0

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

"{32603779-1B20-4342-8FE6-F8431D502811}" = SynchronEyes Student 7.0

"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager

"{41573DB1-9DAA-43C7-BCBC-49696A648079}" = Dell ControlPoint Connection Manager

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{4994A7CB-2BF4-4664-8FCE-DB66055ECEBC}" = Broadcom USH Host Components

"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc

"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update

"{4BBB7E33-4B07-4B8E-8A43-2BE0C4582ADC}" = Logger Pro 3.3

"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows

"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite

"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup

"{597E70FF-7C46-4EED-8092-91B7C2E0529D}" = Google SketchUp 7

"{5AF4F4C5-C71C-418F-B0B1-3903A345BD71}" = Ambient Light Sensor

"{5B35C417-2649-11D6-83D1-0050FC01225C}" = FirstClass


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    O20 - Winlogon\Notify\cryptnet32.dll

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log

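The fix above removes a Winlogon\Notify entry and resets the hosts file. As an added, read-only check that is not part of the thread and not OTL's own code, the following PowerShell script audits those same two persistence points so the result of a fix like this can be confirmed, or so an unexpected entry can be spotted before any removal is attempted. It assumes it is run from an elevated PowerShell on the affected Windows host; it reports and does not delete anything.

```powershell
# Added example (not from the thread or from OTL): audit the Winlogon\Notify
# key and the hosts file. Assumes an elevated PowerShell on the Windows host.
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

function Get-WinlogonNotifyEntries {
    # Each subkey under Winlogon\Notify names a DLL loaded at logon. Windows Vista
    # and later no longer use notification packages, so on this system the key is
    # normally empty or absent; any subkey (cryptnet32.dll in the thread) deserves
    # a look. Resolve the DLL, confirm it exists, and check its Authenticode status.
    if (-not (Test-Path $notifyKey)) { return @() }
    Get-ChildItem $notifyKey | ForEach-Object {
        $dll = (Get-ItemProperty $_.PSPath).DLLName
        $resolved = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
        # A bare filename is found via the DLL search path; System32 is the usual hit.
        if ($resolved -and -not [IO.Path]::IsPathRooted($resolved)) {
            $resolved = Join-Path "$env:SystemRoot\System32" $resolved
        }
        $exists = $resolved -and (Test-Path $resolved)
        $sig = if ($exists) { (Get-AuthenticodeSignature $resolved).Status } else { 'FileMissing' }
        [PSCustomObject]@{
            SubKey    = $_.PSChildName
            DLLName   = $dll
            Resolved  = $resolved
            Signature = $sig
        }
    }
}

function Get-NonDefaultHostsEntries {
    # Anything other than comments and the loopback mapping is worth reviewing:
    # hijacked hosts files typically redirect update and security-vendor hostnames.
    Get-Content $hostsPath -ErrorAction Stop |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
        Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }
}

'== Winlogon\Notify entries (expect none on Vista or later) =='
Get-WinlogonNotifyEntries | Format-Table -AutoSize
'== hosts entries other than localhost (expect none) =='
Get-NonDefaultHostsEntries
```

A Winlogon\Notify subkey whose DLL is missing on disk, or whose signature status is anything but Valid, is the case to investigate; the same applies to any hosts line that points a vendor or update hostname somewhere other than its real address.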

My computer bluescreened again on reboot, but here is the log I found under _OTL

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ deleted successfully.

File ogon\Notify\cryptnet32.dll not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: rem

User: rmabry

->Flash cache emptied: 0 bytes

User: standrews

->Flash cache emptied: 170929 bytes

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: rem

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

User: rmabry

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: standrews

->Temp folder emptied: 31832 bytes

->Temporary Internet Files folder emptied: 4501756 bytes

->Java cache emptied: 4636432 bytes

->FireFox cache emptied: 49509062 bytes

->Google Chrome cache emptied: 594288 bytes

->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 9953079 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 26986 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 66.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_183758


This topic is now closed to further replies.