[maliprog]

This is official link. Can you try different browser to download the file.

Visit This link for official page and try to download it from there.

[Advertisements]

I selectd "cure" on the scan but there is not continue button. Just "copy all to quarantine (which changes the "cure" button OR restore default action


FORGET the above. I found it.

Edited by realapp, 28 September 2011 - 11:12 AM.

[realapp]

I selectd "cure" on the scan but there is not continue button. Just "copy all to quarantine (which changes the "cure" button OR restore default action


FORGET the above. I found it.

Edited by realapp, 28 September 2011 - 11:12 AM.

[realapp]

I'll post the other logs next. Having to do this one at a time. BTW, I was able to login regular, Not as admin and have keyboard function back now.



12:06:20.0875 1668 TDSS rootkit removing tool 2.6.2.0 Sep 26 2011 18:56:43
12:06:20.0875 1668 ============================================================
12:06:20.0875 1668 Current date / time: 2011/09/28 12:06:20.0875
12:06:20.0875 1668 SystemInfo:
12:06:20.0875 1668
12:06:20.0875 1668 OS Version: 5.1.2600 ServicePack: 3.0
12:06:20.0875 1668 Product type: Workstation
12:06:20.0875 1668 ComputerName: WAYNES
12:06:20.0890 1668 UserName: Administrator
12:06:20.0890 1668 Windows directory: C:\WINDOWS
12:06:20.0890 1668 System windows directory: C:\WINDOWS
12:06:20.0890 1668 Processor architecture: Intel x86
12:06:20.0890 1668 Number of processors: 1
12:06:20.0890 1668 Page size: 0x1000
12:06:20.0890 1668 Boot type: Safe boot
12:06:20.0890 1668 ============================================================
12:06:23.0046 1668 Initialize success
12:06:27.0640 1928 ============================================================
12:06:27.0640 1928 Scan started
12:06:27.0640 1928 Mode: Manual;
12:06:27.0640 1928 ============================================================
12:06:33.0531 1928 Aavmker4 (1ebbd84e856f54eb16d46df9648e872a) C:\WINDOWS\system32\drivers\Aavmker4.sys
12:06:33.0531 1928 Aavmker4 - ok
12:06:33.0687 1928 Abiosdsk - ok
12:06:33.0828 1928 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:06:33.0828 1928 abp480n5 - ok
12:06:33.0984 1928 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:06:34.0000 1928 ACPI - ok
12:06:34.0125 1928 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
12:06:34.0125 1928 ACPIEC - ok
12:06:34.0281 1928 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:06:34.0296 1928 adpu160m - ok
12:06:34.0453 1928 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
12:06:34.0453 1928 aec - ok
12:06:34.0609 1928 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
12:06:34.0640 1928 AFD - ok
12:06:35.0000 1928 AgereSoftModem (baf68dcba949633df0c16d37af2a2351) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
12:06:35.0171 1928 AgereSoftModem - ok
12:06:35.0375 1928 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
12:06:35.0375 1928 agp440 - ok
12:06:35.0484 1928 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:06:35.0484 1928 agpCPQ - ok
12:06:35.0593 1928 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:06:35.0593 1928 Aha154x - ok
12:06:35.0781 1928 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:06:35.0796 1928 aic78u2 - ok
12:06:35.0953 1928 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:06:35.0968 1928 aic78xx - ok
12:06:36.0125 1928 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
12:06:36.0125 1928 AliIde - ok
12:06:36.0281 1928 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:06:36.0281 1928 alim1541 - ok
12:06:36.0453 1928 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:06:36.0453 1928 amdagp - ok
12:06:36.0609 1928 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
12:06:36.0609 1928 amsint - ok
12:06:36.0765 1928 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
12:06:36.0765 1928 asc - ok
12:06:36.0890 1928 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:06:36.0906 1928 asc3350p - ok
12:06:37.0031 1928 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:06:37.0046 1928 asc3550 - ok
12:06:37.0250 1928 aswFsBlk (062287cee536e8af6680d33259de6bd6) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
12:06:37.0250 1928 aswFsBlk - ok
12:06:37.0375 1928 aswMon2 (05960396794e51ebbb9507c86b8b009e) C:\WINDOWS\system32\drivers\aswMon2.sys
12:06:37.0390 1928 aswMon2 - ok
12:06:37.0562 1928 aswRdr (06b360d8179959798d2bf054437df923) C:\WINDOWS\system32\drivers\aswRdr.sys
12:06:37.0562 1928 aswRdr - ok
12:06:37.0718 1928 aswSP (045ed8ef540e69a41e9c0e255fbaf0c0) C:\WINDOWS\system32\drivers\aswSP.sys
12:06:37.0734 1928 aswSP - ok
12:06:37.0921 1928 aswTdi (2410f10faa00f222b3a29308741598d6) C:\WINDOWS\system32\drivers\aswTdi.sys
12:06:37.0921 1928 aswTdi - ok
12:06:38.0093 1928 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:06:38.0093 1928 AsyncMac - ok
12:06:38.0250 1928 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
12:06:38.0250 1928 atapi - ok
12:06:38.0359 1928 Atdisk - ok
12:06:38.0484 1928 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:06:38.0484 1928 Atmarpc - ok
12:06:38.0687 1928 ATMhelpr (3ef1db7f168851914517d4ed36b57c04) C:\WINDOWS\system32\drivers\ATMhelpr.sys
12:06:38.0687 1928 ATMhelpr - ok
12:06:38.0875 1928 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
12:06:38.0875 1928 audstub - ok
12:06:39.0046 1928 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
12:06:39.0046 1928 Beep - ok
12:06:39.0062 1928 catchme - ok
12:06:39.0265 1928 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:06:39.0265 1928 cbidf - ok
12:06:39.0421 1928 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
12:06:39.0421 1928 cbidf2k - ok
12:06:39.0578 1928 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:06:39.0578 1928 CCDECODE - ok
12:06:39.0750 1928 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:06:39.0765 1928 cd20xrnt - ok
12:06:39.0890 1928 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
12:06:39.0890 1928 Cdaudio - ok
12:06:40.0031 1928 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
12:06:40.0046 1928 Cdfs - ok
12:06:40.0203 1928 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:06:40.0218 1928 Cdrom - ok
12:06:40.0328 1928 Changer - ok
12:06:40.0500 1928 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:06:40.0500 1928 CmdIde - ok
12:06:40.0656 1928 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:06:40.0656 1928 Cpqarray - ok
12:06:40.0843 1928 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:06:40.0875 1928 dac2w2k - ok
12:06:40.0984 1928 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:06:40.0984 1928 dac960nt - ok
12:06:41.0203 1928 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
12:06:41.0203 1928 Disk - ok
12:06:41.0515 1928 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
12:06:41.0671 1928 dmboot - ok
12:06:41.0828 1928 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
12:06:41.0859 1928 dmio - ok
12:06:42.0000 1928 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
12:06:42.0000 1928 dmload - ok
12:06:42.0171 1928 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
12:06:42.0171 1928 DMusic - ok
12:06:42.0328 1928 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:06:42.0328 1928 dpti2o - ok
12:06:42.0453 1928 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
12:06:42.0453 1928 drmkaud - ok
12:06:42.0625 1928 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
12:06:42.0656 1928 Fastfat - ok
12:06:42.0859 1928 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
12:06:42.0875 1928 Fdc - ok
12:06:43.0015 1928 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
12:06:43.0031 1928 Fips - ok
12:06:43.0140 1928 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
12:06:43.0140 1928 Flpydisk - ok
12:06:43.0328 1928 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
12:06:43.0343 1928 FltMgr - ok
12:06:43.0468 1928 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:06:43.0468 1928 Fs_Rec - ok
12:06:43.0656 1928 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:06:43.0671 1928 Ftdisk - ok
12:06:43.0859 1928 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:06:43.0859 1928 Gpc - ok
12:06:44.0062 1928 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:06:44.0062 1928 HDAudBus - ok
12:06:44.0218 1928 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:06:44.0218 1928 HidUsb - ok
12:06:44.0406 1928 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
12:06:44.0406 1928 hpn - ok
12:06:44.0578 1928 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:06:44.0593 1928 HPZid412 - ok
12:06:44.0750 1928 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:06:44.0750 1928 HPZipr12 - ok
12:06:44.0906 1928 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:06:44.0906 1928 HPZius12 - ok
12:06:45.0093 1928 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
12:06:45.0140 1928 HTTP - ok
12:06:45.0296 1928 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
12:06:45.0296 1928 i2omgmt - ok
12:06:45.0421 1928 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:06:45.0421 1928 i2omp - ok
12:06:45.0546 1928 i8042prt (e9e3c8bdf07bb081db27d876b055c08a) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:06:45.0546 1928 i8042prt ( Rootkit.Win32.ZAccess.e ) - infected
12:06:45.0546 1928 i8042prt - detected Rootkit.Win32.ZAccess.e (0)
12:06:45.0765 1928 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
12:06:45.0765 1928 Imapi - ok
12:06:45.0953 1928 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:06:45.0968 1928 ini910u - ok
12:06:46.0140 1928 int15 (c6e5276c00ebdeb096bb5ef4b797d1b6) C:\WINDOWS\system32\drivers\int15.sys
12:06:46.0140 1928 int15 - ok
12:06:46.0156 1928 int15.sys - ok
12:06:46.0968 1928 IntcAzAudAddService (19afbb8427ce65042599555e578170df) C:\WINDOWS\system32\drivers\RtkHDAud.sys
12:06:47.0593 1928 IntcAzAudAddService - ok
12:06:47.0796 1928 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
12:06:47.0796 1928 IntelIde - ok
12:06:47.0953 1928 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
12:06:47.0953 1928 Ip6Fw - ok
12:06:48.0125 1928 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:06:48.0125 1928 IpFilterDriver - ok
12:06:48.0234 1928 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:06:48.0234 1928 IpInIp - ok
12:06:48.0375 1928 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:06:48.0406 1928 IpNat - ok
12:06:48.0531 1928 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:06:48.0546 1928 IPSec - ok
12:06:48.0718 1928 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
12:06:48.0718 1928 IRENUM - ok
12:06:48.0906 1928 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:06:48.0921 1928 isapnp - ok
12:06:49.0062 1928 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:06:49.0062 1928 Kbdclass - ok
12:06:49.0218 1928 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
12:06:49.0250 1928 kmixer - ok
12:06:49.0359 1928 KMW_KBD - ok
12:06:49.0484 1928 KMW_USB - ok
12:06:49.0640 1928 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
12:06:49.0656 1928 KSecDD - ok
12:06:49.0781 1928 lbrtfdc - ok
12:06:49.0937 1928 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
12:06:49.0953 1928 mnmdd - ok
12:06:50.0093 1928 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
12:06:50.0093 1928 Modem - ok
12:06:50.0328 1928 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:06:50.0343 1928 Mouclass - ok
12:06:50.0500 1928 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:06:50.0500 1928 mouhid - ok
12:06:50.0640 1928 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
12:06:50.0656 1928 MountMgr - ok
12:06:50.0812 1928 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:06:50.0812 1928 mraid35x - ok
12:06:51.0000 1928 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:06:51.0015 1928 MRxDAV - ok
12:06:51.0250 1928 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:06:51.0359 1928 MRxSmb - ok
12:06:51.0937 1928 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
12:06:51.0937 1928 Msfs - ok
12:06:52.0093 1928 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:06:52.0093 1928 MSKSSRV - ok
12:06:52.0218 1928 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:06:52.0218 1928 MSPCLOCK - ok
12:06:52.0375 1928 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
12:06:52.0375 1928 MSPQM - ok
12:06:52.0515 1928 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:06:52.0531 1928 mssmbios - ok
12:06:52.0671 1928 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
12:06:52.0671 1928 MSTEE - ok
12:06:52.0812 1928 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
12:06:52.0828 1928 Mup - ok
12:06:52.0984 1928 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:06:53.0000 1928 NABTSFEC - ok
12:06:53.0171 1928 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
12:06:53.0171 1928 NDIS - ok
12:06:53.0343 1928 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:06:53.0343 1928 NdisIP - ok
12:06:53.0500 1928 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:06:53.0515 1928 NdisTapi - ok
12:06:53.0656 1928 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:06:53.0656 1928 Ndisuio - ok
12:06:53.0828 1928 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:06:53.0843 1928 NdisWan - ok
12:06:54.0000 1928 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
12:06:54.0000 1928 NDProxy - ok
12:06:54.0156 1928 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
12:06:54.0171 1928 NetBIOS - ok
12:06:54.0406 1928 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
12:06:54.0437 1928 NetBT - ok
12:06:54.0593 1928 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
12:06:54.0609 1928 Npfs - ok
12:06:54.0828 1928 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
12:06:54.0843 1928 Ntfs - ok
12:06:55.0031 1928 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
12:06:55.0031 1928 NuidFltr - ok
12:06:55.0187 1928 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
12:06:55.0187 1928 Null - ok
12:06:56.0234 1928 nv (8e6c08918dd6af8403cc24969582761a) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
12:06:57.0156 1928 nv - ok
12:06:57.0328 1928 NVENETFD (45ba510db13a0496db1cd16826519e03) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
12:06:57.0343 1928 NVENETFD - ok
12:06:57.0468 1928 nvnetbus (57cbdb934fb1afb7e03b413d151a6152) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
12:06:57.0468 1928 nvnetbus - ok
12:06:57.0640 1928 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:06:57.0656 1928 NwlnkFlt - ok
12:06:57.0812 1928 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:06:57.0812 1928 NwlnkFwd - ok
12:06:58.0000 1928 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
12:06:58.0000 1928 Parport - ok
12:06:58.0171 1928 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
12:06:58.0171 1928 PartMgr - ok
12:06:58.0406 1928 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
12:06:58.0406 1928 ParVdm - ok
12:06:58.0578 1928 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
12:06:58.0593 1928 PCI - ok
12:06:58.0718 1928 PCIDump - ok
12:06:58.0906 1928 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
12:06:58.0906 1928 PCIIde - ok
12:06:59.0046 1928 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
12:06:59.0062 1928 Pcmcia - ok
12:06:59.0171 1928 PDCOMP - ok
12:06:59.0281 1928 PDFRAME - ok
12:06:59.0406 1928 PDRELI - ok
12:06:59.0531 1928 PDRFRAME - ok
12:06:59.0671 1928 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
12:06:59.0671 1928 perc2 - ok
12:06:59.0812 1928 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:06:59.0812 1928 perc2hib - ok
12:06:59.0984 1928 Point32 (2e3394c8ebf31a9b4f0a531eb5cc7bc7) C:\WINDOWS\system32\DRIVERS\point32.sys
12:07:00.0000 1928 Point32 - ok
12:07:00.0171 1928 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:07:00.0171 1928 PptpMiniport - ok
12:07:00.0328 1928 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
12:07:00.0343 1928 Processor - ok
12:07:00.0515 1928 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
12:07:00.0531 1928 PSched - ok
12:07:00.0640 1928 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:07:00.0640 1928 Ptilink - ok
12:07:00.0843 1928 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
12:07:00.0859 1928 QCDonner - ok
12:07:01.0062 1928 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:07:01.0062 1928 ql1080 - ok
12:07:01.0203 1928 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:07:01.0203 1928 Ql10wnt - ok
12:07:01.0343 1928 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:07:01.0343 1928 ql12160 - ok
12:07:01.0468 1928 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:07:01.0468 1928 ql1240 - ok
12:07:01.0609 1928 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:07:01.0609 1928 ql1280 - ok
12:07:01.0750 1928 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:07:01.0750 1928 RasAcd - ok
12:07:01.0968 1928 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:07:01.0984 1928 Rasl2tp - ok
12:07:02.0109 1928 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:07:02.0125 1928 RasPppoe - ok
12:07:02.0265 1928 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
12:07:02.0265 1928 Raspti - ok
12:07:02.0453 1928 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:07:02.0468 1928 Rdbss - ok
12:07:02.0609 1928 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:07:02.0609 1928 RDPCDD - ok
12:07:02.0765 1928 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:07:02.0796 1928 rdpdr - ok
12:07:02.0984 1928 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
12:07:03.0000 1928 RDPWD - ok
12:07:03.0187 1928 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
12:07:03.0203 1928 redbook - ok
12:07:03.0406 1928 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:07:03.0406 1928 Secdrv - ok
12:07:03.0562 1928 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
12:07:03.0562 1928 Serial - ok
12:07:03.0812 1928 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
12:07:03.0812 1928 Sfloppy - ok
12:07:03.0937 1928 Simbad - ok
12:07:04.0062 1928 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:07:04.0078 1928 sisagp - ok
12:07:04.0234 1928 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
12:07:04.0250 1928 SLIP - ok
12:07:04.0406 1928 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
12:07:04.0406 1928 Sparrow - ok
12:07:04.0546 1928 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
12:07:04.0546 1928 splitter - ok
12:07:04.0750 1928 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
12:07:04.0765 1928 sr - ok
12:07:04.0968 1928 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
12:07:05.0031 1928 Srv - ok
12:07:05.0265 1928 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
12:07:05.0265 1928 streamip - ok
12:07:05.0453 1928 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
12:07:05.0453 1928 swenum - ok
12:07:05.0625 1928 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
12:07:05.0625 1928 swmidi - ok
12:07:05.0781 1928 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
12:07:05.0781 1928 symc810 - ok
12:07:05.0937 1928 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
12:07:05.0937 1928 symc8xx - ok
12:07:06.0078 1928 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
12:07:06.0093 1928 sym_hi - ok
12:07:06.0234 1928 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
12:07:06.0250 1928 sym_u3 - ok
12:07:06.0421 1928 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
12:07:06.0437 1928 sysaudio - ok
12:07:06.0640 1928 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
12:07:06.0640 1928 Tcpip - ok
12:07:06.0796 1928 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
12:07:06.0796 1928 TDPIPE - ok
12:07:06.0937 1928 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
12:07:06.0937 1928 TDTCP - ok
12:07:07.0109 1928 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
12:07:07.0109 1928 TermDD - ok
12:07:07.0265 1928 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
12:07:07.0265 1928 TosIde - ok
12:07:07.0437 1928 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
12:07:07.0453 1928 Udfs - ok
12:07:07.0593 1928 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
12:07:07.0593 1928 ultra - ok
12:07:07.0828 1928 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
12:07:07.0890 1928 Update - ok
12:07:08.0046 1928 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
12:07:08.0062 1928 usbaudio - ok
12:07:08.0218 1928 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
12:07:08.0218 1928 usbccgp - ok
12:07:08.0375 1928 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
12:07:08.0375 1928 usbehci - ok
12:07:08.0546 1928 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
12:07:08.0562 1928 usbhub - ok
12:07:08.0703 1928 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
12:07:08.0703 1928 usbohci - ok
12:07:08.0859 1928 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
12:07:08.0875 1928 usbprint - ok
12:07:09.0046 1928 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
12:07:09.0046 1928 usbscan - ok
12:07:09.0218 1928 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
12:07:09.0218 1928 USBSTOR - ok
12:07:09.0375 1928 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
12:07:09.0375 1928 VgaSave - ok
12:07:09.0562 1928 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
12:07:09.0562 1928 viaagp - ok
12:07:09.0687 1928 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
12:07:09.0687 1928 ViaIde - ok
12:07:09.0828 1928 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
12:07:09.0828 1928 VolSnap - ok
12:07:09.0984 1928 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
12:07:10.0000 1928 Wanarp - ok
12:07:10.0218 1928 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
12:07:10.0281 1928 Wdf01000 - ok
12:07:10.0375 1928 WDICA - ok
12:07:10.0531 1928 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
12:07:10.0531 1928 wdmaud - ok
12:07:10.0718 1928 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
12:07:10.0718 1928 WmiAcpi - ok
12:07:10.0875 1928 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
12:07:10.0890 1928 WpdUsb - ok
12:07:11.0109 1928 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
12:07:11.0109 1928 WSTCODEC - ok
12:07:11.0296 1928 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
12:07:11.0312 1928 WudfPf - ok
12:07:11.0468 1928 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
12:07:11.0484 1928 WudfRd - ok
12:07:11.0546 1928 MBR (0x1B8) (ea228d2d5aad83b7544d12986bdf25a2) \Device\Harddisk0\DR0
12:07:12.0546 1928 \Device\Harddisk0\DR0 - ok
12:07:12.0562 1928 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk3\DR9
12:07:12.0562 1928 \Device\Harddisk3\DR9 - ok
12:07:12.0578 1928 Boot (0x1200) (50331c3621cca62f5edbc815f57fd740) \Device\Harddisk0\DR0\Partition0
12:07:12.0578 1928 \Device\Harddisk0\DR0\Partition0 - ok
12:07:12.0593 1928 Boot (0x1200) (62c078c8342850bc6d3e9bf5f6254ba3) \Device\Harddisk3\DR9\Partition0
12:07:12.0593 1928 \Device\Harddisk3\DR9\Partition0 - ok
12:07:12.0609 1928 ============================================================
12:07:12.0609 1928 Scan finished
12:07:12.0609 1928 ============================================================
12:07:12.0625 0340 Detected object count: 1
12:07:12.0625 0340 Actual detected object count: 1
12:11:29.0546 0340 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
12:11:32.0156 0340 Backup copy found, using it..
12:11:32.0187 0340 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
12:11:32.0187 0340 i8042prt ( Rootkit.Win32.ZAccess.e ) - User select action: Cure
12:11:55.0187 1916 Deinitialize success

Edited by realapp, 28 September 2011 - 11:28 AM.

[realapp]

OTL Extras logfile created on: 9/28/2011 12:26:13 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = J:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.42 Mb Total Physical Memory | 491.31 Mb Available Physical Memory | 54.93% Memory free
2.11 Gb Paging File | 1.61 Gb Available in Paging File | 76.29% Paging File free
Paging file location(s): C:\pagefile.sys 1341 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.04 Gb Total Space | 109.40 Gb Free Space | 78.68% Space Free | Partition Type: NTFS
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.79% Space Free | Partition Type: FAT32

Computer Name: WAYNES | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (Intuit, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2243C6DC-39EA-4D5E-B743-3AE510A91B3A}" = WeatherBug
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{29BD421B-B574-425E-BCDB-0188DB099038}" = XactPAY Upload Utility
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{8E3CC782-7FBD-4D02-A470-C0510280EC02}" = QuickCam
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A2F0810-3622-4E86-9072-973FBE1679C5}" = QuickBooks Pro 2009
"{9A2F0810-369F-4E86-9072-973FBE1679C5}" = QuickBooks
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B136E4A4-7660-4F15-9752-EF8E6BA7866D}" = Family Tree Maker 2005
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe Type Manager 4.0" = Adobe Type Manager 4.0
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"AutoCAD LT 2000 Uninstall" = AutoCAD LT 2000
"avast!" = avast! Antivirus
"Google Desktop" = Google Desktop
"GPL Ghostscript_is1" = Docudesk GPL Ghostscript 8.15
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{494C271C-1528-4886-A78C-BFB3C823A37B}" = MediaFACE 4.0 Image Library
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0
"Jarte_is1" = Jarte Plus
"LanguageNow!" = LanguageNow!
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WildTangent emachines Master Uninstall" = eMachines Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2320958936-414440772-572454927-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/23/2011 3:34:39 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/26/2011 1:12:40 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/27/2011 11:25:42 AM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/27/2011 11:26:26 AM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Wayne\Desktop\OTL.exe failed, 00000005.

Error - 9/27/2011 11:31:17 AM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/27/2011 11:31:59 AM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Wayne\Desktop\OTL.exe failed, 00000005.

Error - 9/27/2011 2:21:13 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/27/2011 2:44:49 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/28/2011 1:13:44 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe failed, 00000005.

Error - 9/28/2011 1:31:18 PM | Computer Name = WAYNES | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Wayne\Desktop\OTL.exe failed, 00000005.

[ Application Events ]
Error - 9/28/2011 10:37:11 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 9/28/2011 10:37:11 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB958481'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB958481_20110928_143709546-Msi0.txt.

Error - 9/28/2011 10:37:11 AM | Computer Name = WAYNES | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 9/28/2011 10:37:17 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 9/28/2011 10:37:18 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2539631'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2539631_20110928_143716156-Msi0.txt.

Error - 9/28/2011 10:37:18 AM | Computer Name = WAYNES | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 9/28/2011 10:37:26 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 10005
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- The installer
has encountered an unexpected error installing this package. This may indicate
a problem with this package. The error code is 2721. The arguments are: CA_ScheduleUpdateAssemblyRB.3643236F_FC70_11D3_A536_0090278A1BB8,
,

Error - 9/28/2011 10:37:26 AM | Computer Name = WAYNES | Source = MsiInstaller | ID = 1023
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 - Update 'KB2518864'
could not be installed. Error code 1603. Additional information is available in
the log file C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET Framework
2.0-KB2518864_20110928_143723984-Msi0.txt.

Error - 9/28/2011 10:37:26 AM | Computer Name = WAYNES | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2518864,
P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
2721.

Error - 9/28/2011 1:14:26 PM | Computer Name = WAYNES | Source = XactPAY | ID = 0
Description = Could not load file or assembly 'System.EnterpriseServices.Wrapper.dll'
or one of its dependencies. The system cannot find the path specified.

[ System Events ]
Error - 9/28/2011 10:41:22 AM | Computer Name = WAYNES | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi ATMhelpr Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 9/28/2011 10:42:54 AM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/28/2011 10:43:12 AM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 9/28/2011 10:46:22 AM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/28/2011 10:47:39 AM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/28/2011 10:52:36 AM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/28/2011 1:03:00 PM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/28/2011 1:05:14 PM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 9/28/2011 1:11:56 PM | Computer Name = WAYNES | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/28/2011 1:12:51 PM | Computer Name = WAYNES | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.


< End of report >

[realapp]

I hope this is the correct OTL log. It seemed to look different when I copy/pasted. But let me know.


{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fswiss\fcharset0 Arial;}}
{\*\generator Msftedit 5.41.15.1515;}\viewkind4\uc1\pard\f0\fs20 OTL logfile created on: 9/28/2011 12:26:13 PM - Run 2\par
OTL by OldTimer - Version 3.2.29.1 Folder = J:\\\par
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation\par
Internet Explorer (Version = 8.0.6001.18702)\par
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy\par
\par
894.42 Mb Total Physical Memory | 491.31 Mb Available Physical Memory | 54.93% Memory free\par
2.11 Gb Paging File | 1.61 Gb Available in Paging File | 76.29% Paging File free\par
Paging file location(s): C:\\pagefile.sys 1341 2000 [binary data]\par
\par
%SystemDrive% = C: | %SystemRoot% = C:\\WINDOWS | %ProgramFiles% = C:\\Program Files\par
Drive C: | 139.04 Gb Total Space | 109.40 Gb Free Space | 78.68% Space Free | Partition Type: NTFS\par
Drive E: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS\par
Drive J: | 7.47 Gb Total Space | 7.46 Gb Free Space | 99.79% Space Free | Partition Type: FAT32\par
\par
Computer Name: WAYNES | User Name: Wayne | Logged in as Administrator.\par
Boot Mode: Normal | Scan Mode: All users\par
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days\par
\par
========== Processes (SafeList) ==========\par
\par
PRC - [2011/09/27 10:55:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- J:\\OTL.exe\par
PRC - [2011/06/22 07:13:46 | 000,984,936 | ---- | M] (Intuit Inc.) -- C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe\par
PRC - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) -- C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe\par
PRC - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) -- C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe\par
PRC - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe\par
PRC - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe\par
PRC - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe\par
PRC - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe\par
PRC - [2009/02/09 15:05:12 | 000,165,160 | ---- | M] (The Hartford) -- C:\\Program Files\\Hartford Fire Insurance\\XactPAY Upload Utility\\XactPAY.exe\par
PRC - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () -- C:\\Program Files\\EMACHINES\\eMachines Recovery Management\\Service\\ETService.exe\par
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\explorer.exe\par
PRC - [2007/12/10 22:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\\WINDOWS\\system32\\agrsmsvc.exe\par
PRC - [2007/08/29 11:55:54 | 001,347,584 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\\Program Files\\AWS\\WeatherBug\\Weather.exe\par
PRC - [2000/07/10 00:58:12 | 000,323,584 | ---- | M] () -- C:\\Program Files\\Reality Fusion\\Reality Fusion GameCam SE\\Program\\RFTray.exe\par
\par
\par
========== Modules (No Company Name) ==========\par
\par
MOD - [2011/06/22 07:13:02 | 000,288,616 | ---- | M] () -- C:\\Program Files\\Intuit\\QuickBooks 2008\\boost_regex-vc80-mt-p-1_33.dll\par
MOD - [2009/08/13 11:27:56 | 000,998,400 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\8642fdfbf02a6cb6f01169fe6fdb5d11\\System.Management.ni.dll\par
MOD - [2009/08/13 11:26:20 | 001,712,128 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.VisualBas#\\1c86afc399d0fdd8e069266ffbe748d1\\Microsoft.VisualBasic.ni.dll\par
MOD - [2009/08/11 11:12:17 | 000,212,992 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.ServiceProce#\\ea3366939280c1715f1c620e33ee3c8a\\System.ServiceProcess.ni.dll\par
MOD - [2009/08/11 11:12:13 | 001,840,640 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Web.Services\\b57bb002a655920cbfa2bee29d1e22b7\\System.Web.Services.ni.dll\par
MOD - [2009/08/11 11:12:08 | 000,627,712 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.EnterpriseSe#\\4267bd908175603006c6c90bb5d900c7\\System.EnterpriseServices.ni.dll\par
MOD - [2009/08/11 11:12:07 | 000,627,200 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\5a555c9ae6984c40157cf940bb519f7c\\System.Transactions.ni.dll\par
MOD - [2009/08/11 11:11:42 | 000,971,264 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Configuration\\b82c00e2d24305ad6cb08556e3779b75\\System.Configuration.ni.dll\par
MOD - [2009/08/08 20:15:46 | 005,450,752 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\773a9786013451d3baaeff003dc4230f\\System.Xml.ni.dll\par
MOD - [2009/08/08 20:15:34 | 012,430,848 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Windows.Forms\\63406259e94d5c0ff5b79401dfe113ce\\System.Windows.Forms.ni.dll\par
MOD - [2009/08/08 20:15:01 | 001,587,200 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Drawing\\3da96ee075bab9202626ae44c18d226c\\System.Drawing.ni.dll\par
MOD - [2009/08/08 20:14:34 | 006,616,576 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System.Data\\c70731047b0022638b3f9fb158948a03\\System.Data.ni.dll\par
MOD - [2009/08/08 20:12:09 | 007,868,416 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\System\\80978a322d7dd39f0a71be1251ae395a\\System.ni.dll\par
MOD - [2009/08/08 20:11:58 | 011,486,720 | ---- | M] () -- C:\\WINDOWS\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\6d667f19d687361886990f3ca0f49816\\mscorlib.ni.dll\par
MOD - [2009/08/08 04:18:25 | 002,933,248 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_32\\System.Data\\2.0.0.0__b77a5c561934e089\\System.Data.dll\par
MOD - [2009/08/08 04:18:21 | 000,303,104 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\System.Runtime.Remoting\\2.0.0.0__b77a5c561934e089\\System.Runtime.Remoting.dll\par
MOD - [2009/08/08 04:18:20 | 000,261,632 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll\par
MOD - [2009/07/24 09:02:12 | 000,270,336 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\log4net\\1.2.10.0__1b44e1d426115821\\log4net.dll\par
MOD - [2009/07/24 09:02:12 | 000,061,440 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Library\\3.0.3009.0__3036420f80dd6947\\Framework.Library.dll\par
MOD - [2009/07/24 09:02:12 | 000,036,864 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Utility\\3.0.3009.0__4df5dcab8860d239\\Framework.Utility.dll\par
MOD - [2009/07/24 09:02:12 | 000,032,768 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Utility.CommonFunctions\\3.0.3009.0__770d2a375f176870\\Framework.Utility.CommonFunctions.dll\par
MOD - [2009/07/24 09:02:12 | 000,032,768 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Model.Controller\\3.0.3009.0__14bcaafdb44b5951\\Framework.Model.Controller.dll\par
MOD - [2009/07/24 09:02:12 | 000,015,360 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Host\\3.0.3009.0__672b450de5a7e94a\\Framework.Host.dll\par
MOD - [2009/07/24 09:02:12 | 000,009,216 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.Model.ControllerInterface\\3.0.3009.0__d842b71b4d6ed079\\Framework.Model.ControllerInterface.dll\par
MOD - [2009/07/24 09:02:12 | 000,006,144 | ---- | M] () -- C:\\WINDOWS\\assembly\\GAC_MSIL\\Framework.PluginInterface\\3.0.3009.0__9ecdf03bb2054f94\\Framework.PluginInterface.dll\par
MOD - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () -- C:\\Program Files\\EMACHINES\\eMachines Recovery Management\\Service\\ETService.exe\par
MOD - [2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\\WINDOWS\\system32\\msjetoledb40.dll\par
MOD - [2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\\WINDOWS\\system32\\msdmo.dll\par
MOD - [2000/07/10 01:06:24 | 000,086,016 | ---- | M] () -- C:\\Program Files\\Reality Fusion\\Reality Fusion GameCam SE\\Program\\RFTrayRes.dll\par
MOD - [2000/07/10 00:58:12 | 000,323,584 | ---- | M] () -- C:\\Program Files\\Reality Fusion\\Reality Fusion GameCam SE\\Program\\RFTray.exe\par
MOD - [2000/07/10 00:57:32 | 000,040,960 | ---- | M] () -- C:\\Program Files\\Reality Fusion\\Reality Fusion GameCam SE\\Program\\RfDownload.dll\par
\par
\par
========== Win32 Services (SafeList) ==========\par
\par
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)\par
SRV - [2011/06/22 05:57:14 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBCFMonitorService.exe -- (QBCFMonitorService)\par
SRV - [2009/10/01 03:22:42 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- C:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe -- (QuickBooksDB19)\par
SRV - [2009/08/17 11:07:17 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe -- (avast! Antivirus)\par
SRV - [2009/08/17 11:07:01 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\\Program Files\\Alwil Software\\Avast4\\ashMaiSv.exe -- (avast! Mail Scanner)\par
SRV - [2009/08/17 11:04:21 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\\Program Files\\Alwil Software\\Avast4\\ashWebSv.exe -- (avast! Web Scanner)\par
SRV - [2009/08/17 10:58:55 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\\Program Files\\Alwil Software\\Avast4\\aswUpdSv.exe -- (aswUpdSv)\par
SRV - [2009/07/24 09:04:19 | 000,110,576 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\\Documents and Settings\\All Users\\Application Data\\Partner\\partner.exe -- (Partner Service)\par
SRV - [2008/06/11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\\Program Files\\EMACHINES\\eMachines Recovery Management\\Service\\ETService.exe -- (ETService)\par
SRV - [2008/05/05 17:25:46 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\eMachines Games\\eMachines Game Console\\GameConsoleService.exe -- (GameConsoleService)\par
SRV - [2007/12/10 22:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\\WINDOWS\\system32\\agrsmsvc.exe -- (AgereModemAudio)\par
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\FCS\\Intuit.QuickBooks.FCS.exe -- (QBFCService)\par
\par
\par
========== Driver Services (SafeList) ==========\par
\par
DRV - [2009/08/17 11:06:43 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\\WINDOWS\\System32\\drivers\\aswmon2.sys -- (aswMon2)\par
DRV - [2009/08/17 11:05:52 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\\WINDOWS\\System32\\drivers\\aswSP.sys -- (aswSP)\par
DRV - [2009/08/17 11:05:37 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\\WINDOWS\\system32\\drivers\\aswFsBlk.sys -- (aswFsBlk)\par
DRV - [2009/08/17 11:04:40 | 000,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\\WINDOWS\\System32\\drivers\\aswTdi.sys -- (aswTdi)\par
DRV - [2009/08/17 11:04:29 | 000,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\System32\\drivers\\aswRdr.sys -- (aswRdr)\par
DRV - [2009/08/17 11:03:21 | 000,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\\WINDOWS\\System32\\drivers\\aavmker4.sys -- (Aavmker4)\par
DRV - [2008/06/11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\\WINDOWS\\system32\\drivers\\int15.sys -- (int15)\par
DRV - [2008/05/20 04:53:00 | 004,800,000 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)\par
DRV - [2008/03/05 00:10:54 | 001,203,808 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\AGRSM.sys -- (AgereSoftModem)\par
DRV - [2008/01/28 23:37:48 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\nvnetbus.sys -- (nvnetbus)\par
DRV - [2008/01/28 23:37:46 | 000,054,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\\WINDOWS\\system32\\drivers\\NVENETFD.sys -- (NVENETFD)\par
DRV - [1997/06/17 05:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\\WINDOWS\\System32\\drivers\\ATMHELPR.SYS -- (ATMhelpr)\par
\par
\par
========== Standard Registry (SafeList) ==========\par
\par
\par
========== Internet Explorer ==========\par
\par
\par
\par
IE - HKU\\.DEFAULT\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0\par
\par
IE - HKU\\S-1-5-18\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0\par
\par
\par
\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&s=0&o=xph&d=0709&m=el1300g\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Bar = http://www.google.com/ie\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Search Page = http://www.google.com\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://google.com/\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0\par
\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1007\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.emachines.com\par
IE - HKU\\S-1-5-21-2320958936-414440772-572454927-1007\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: "ProxyEnable" = 0\par
\par
========== FireFox ==========\par
\par
\par
FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\WINDOWS\\system32\\Adobe\\Director\\np32dsw.dll (Adobe Systems, Inc.)\par
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)\par
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)\par
FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WPF,version=3.5: c:\\WINDOWS\\Microsoft.NET\\Framework\\v3.5\\Windows Presentation Foundation\\NPWPF.dll (Microsoft Corporation)\par
\par
\par
[2010/02/03 00:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Wayne\\Application Data\\Mozilla\\Extensions\par
[2010/02/03 00:32:31 | 000,000,000 | ---D | M] (No name found) -- C:\\Documents and Settings\\Wayne\\Application Data\\Mozilla\\Extensions\\\{3550f703-e582-4d05-9a08-453d09bdfdc6\}\par
\par
========== Chrome ==========\par
\par
\par
O1 HOSTS File: ([2011/09/28 09:40:07 | 000,000,027 | ---- | M]) - C:\\WINDOWS\\system32\\drivers\\etc\\hosts\par
O1 - Hosts: 127.0.0.1 localhost\par
O2 - BHO: (no name) - \{02478D38-C3F9-4efb-9B51-7695ECA05670\} - No CLSID value found.\par
O2 - BHO: (Spybot-S&D IE Protection) - \{53707962-6F74-2D53-2644-206D7942484F\} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll (Safer Networking Limited)\par
O2 - BHO: (no name) - \{5C255C8A-E604-49b4-9D64-90988571CECB\} - No CLSID value found.\par
O2 - BHO: (SSVHelper Class) - \{761497BB-D6F0-462C-B6EB-D4DAF1D92D43\} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll (Sun Microsystems, Inc.)\par
O2 - BHO: (no name) - \{9030D464-4C02-4ABF-8ECC-5164760863C6\} - No CLSID value found.\par
O2 - BHO: (Office Document Cache Handler) - \{B4F3A835-0E21-4959-BA22-42B3008E02FF\} - C:\\Program Files\\Microsoft Office\\Office14\\URLREDIR.DLL (Microsoft Corporation)\par
O4 - HKLM..\\Run: [DXM6Patch_981116] C:\\WINDOWS\\p_981116.exe (Microsoft Corporation)\par
O4 - HKLM..\\Run: [IMJPMIG8.1] C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE (Microsoft Corporation)\par
O4 - HKLM..\\Run: [Intuit SyncManager] C:\\Program Files\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)\par
O4 - HKLM..\\Run: [LanguageShortcut] C:\\Program Files\\CyberLink\\PowerDVD\\Language\\Language.exe ()\par
O4 - HKLM..\\Run: [MediaFace Integration] C:\\Program Files\\Fellowes\\MediaFACE 4.0\\SetHook.exe (Fellowes, Inc.)\par
O4 - HKLM..\\Run: [Microsoft Works Portfolio] C:\\Program Files\\Microsoft Works\\WksSb.exe (Microsoft\'ae Corporation)\par
O4 - HKLM..\\Run: [MSPY2002] C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe ()\par
O4 - HKLM..\\Run: [NvCplDaemon] C:\\WINDOWS\\System32\\NvCpl.dll (NVIDIA Corporation)\par
O4 - HKLM..\\Run: [NvMediaCenter] C:\\WINDOWS\\System32\\NvMcTray.dll (NVIDIA Corporation)\par
O4 - HKLM..\\Run: [nwiz] C:\\WINDOWS\\System32\\nwiz.exe ()\par
O4 - HKLM..\\Run: [PHIME2002A] C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE (Microsoft Corporation)\par
O4 - HKLM..\\Run: [PHIME2002ASync] C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE (Microsoft Corporation)\par
O4 - HKLM..\\Run: [UpdateP2GoShortCut] C:\\Program Files\\CyberLink\\Power2Go\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)\par
O4 - HKLM..\\Run: [UpdatePSTShortCut] C:\\Program Files\\CyberLink\\DVD Suite\\MUITransfer\\MUIStartMenu.exe (CyberLink Corp.)\par
O4 - HKLM..\\Run: [WorksFUD] C:\\Program Files\\Microsoft Works\\wkfud.exe (Microsoft\'ae Corporation)\par
O4 - HKLM..\\Run: [xactpay] C:\\Program Files\\Hartford Fire Insurance\\XactPAY Upload Utility\\XactPAY.exe (The Hartford)\par
O4 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005..\\Run: [SpybotSD TeaTimer] C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe ()\par
O4 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005..\\Run: [SUPERAntiSpyware] C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe File not found\par
O4 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005..\\Run: [Weather] C:\\Program Files\\AWS\\WeatherBug\\Weather.exe (AWS Convergence Technologies, Inc.)\par
O4 - Startup: C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\QuickBooks Update Agent.lnk = C:\\Program Files\\Common Files\\Intuit\\QuickBooks\\QBUpdate\\qbupdate.exe (Intuit Inc.)\par
O4 - Startup: C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Reality Fusion GameCam SE.lnk = C:\\Program Files\\Reality Fusion\\Reality Fusion GameCam SE\\Program\\RFTray.exe ()\par
O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present\par
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: HonorAutoRunSetting = 1\par
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = 67108863\par
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 323\par
O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0\par
O7 - HKU\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 323\par
O7 - HKU\\.DEFAULT\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = 67108863\par
O7 - HKU\\S-1-5-18\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 323\par
O7 - HKU\\S-1-5-18\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = 67108863\par
O7 - HKU\\S-1-5-19\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145\par
O7 - HKU\\S-1-5-20\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145\par
O7 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 323\par
O7 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveAutoRun = 67108863\par
O7 - HKU\\S-1-5-21-2320958936-414440772-572454927-1007\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 145\par
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\\Program Files\\Microsoft Office\\Office14\\EXCEL.EXE (Microsoft Corporation)\par
O8 - Extra context menu item: Se&nd to OneNote - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIE.dll (Microsoft Corporation)\par
O9 - Extra 'Tools' menuitem : Sun Java Console - \{08B0E5C0-4FCB-11CF-AAA5-00401C608501\} - C:\\Program Files\\Java\\jre6\\bin\\npjpi160_20.dll (Sun Microsystems, Inc.)\par
O9 - Extra Button: Send to OneNote - \{2670000A-7350-4f3c-8081-5663EE0C6C49\} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIE.dll (Microsoft Corporation)\par
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - \{2670000A-7350-4f3c-8081-5663EE0C6C49\} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIE.dll (Microsoft Corporation)\par
O9 - Extra Button: OneNote Lin&ked Notes - \{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll (Microsoft Corporation)\par
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - \{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA\} - C:\\Program Files\\Microsoft Office\\Office14\\ONBttnIELinkedNotes.dll (Microsoft Corporation)\par
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - \{DFB852A3-47F8-48C4-A200-58CAB36FD2A2\} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll (Safer Networking Limited)\par
O15 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\..Trusted Domains: localhost ([]http in Local intranet)\par
O15 - HKU\\S-1-5-21-2320958936-414440772-572454927-1005\\..Trusted Ranges: GD ([http] in Local intranet)\par
O16 - DPF: \{02BCC737-B171-4746-94C9-0D8A0B2C0089\} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)\par
O16 - DPF: \{166B1BCA-3F9C-11CF-8075-444553540000\} http://download.macr...director/sw.cab (Shockwave ActiveX Control)\par
O16 - DPF: \{8AD9C840-044E-11D1-B3E9-00805F499D93\} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)\par
O16 - DPF: \{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA\} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)\par
O16 - DPF: \{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA\} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)\par
O16 - DPF: \{D27CDB6E-AE6D-11CF-96B8-444553540000\} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)\par
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.1\par
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\\{DE8883F0-65BF-4A4A-AE89-C7DF8A91E762\}: DhcpNameServer = 192.168.1.1\par
O18 - Protocol\\Handler\\intu-help-qb1 \{9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3\} - C:\\Program Files\\Intuit\\QuickBooks 2008\\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)\par
O18 - Protocol\\Handler\\intu-help-qb2 \{84D77A00-41B5-4b8b-8ADF-86486D72E749\} - C:\\Program Files\\Intuit\\QuickBooks 2008\\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)\par
O20 - AppInit_DLLs: (C:\\PROGRA~1\\GOOGLE\\GOOGLE~1\\GOEC62~1.DLL) -C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktopNetwork3.dll (Google)\par
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\\WINDOWS\\explorer.exe (Microsoft Corporation)\par
O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\\system32\\userinit.exe) -C:\\WINDOWS\\system32\\userinit.exe (Microsoft Corporation)\par
O24 - Desktop Components:1 () - http://www.zimbra.com/\par
O32 - HKLM CDRom: AutoRun - 1\par
O32 - AutoRun File - [2009/03/13 10:27:39 | 000,000,000 | ---- | M] () - C:\\AUTOEXEC.BAT -- [ NTFS ]\par
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - E:\\autorun.inf -- [ CDFS ]\par
O32 - AutoRun File - [2011/05/29 10:45:58 | 000,000,042 | -H-- | M] () - J:\\Autorun.ini -- [ FAT32 ]\par
O32 - AutoRun File - [2011/09/27 12:50:20 | 000,000,000 | RHSD | M] - J:\\autorun.inf -- [ FAT32 ]\par
O34 - HKLM BootExecute: (autocheck autochk *)\par
O35 - HKLM\\..comfile [open] -- "%1" %*\par
O35 - HKLM\\..exefile [open] -- "%1" %*\par
O37 - HKLM\\...com [@ = ComFile] -- "%1" %*\par
O37 - HKLM\\...exe [@ = exefile] -- "%1" %*\par
\par
========== Files/Folders - Created Within 30 Days ==========\par
\par
[2011/09/28 09:43:54 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\temp\par
[2011/09/27 13:57:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\\WINDOWS\\SWREG.exe\par
[2011/09/27 13:57:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\\WINDOWS\\SWSC.exe\par
[2011/09/27 13:57:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\\WINDOWS\\SWXCACLS.exe\par
[2011/09/27 13:57:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\\WINDOWS\\NIRCMD.exe\par
[2011/09/27 13:57:00 | 000,000,000 | ---D | C] -- C:\\WINDOWS\\ERDNT\par
[2011/09/27 13:56:53 | 000,000,000 | ---D | C] -- C:\\Qoobox\par
[2011/09/27 10:16:31 | 000,000,000 | ---D | C] -- C:\\_OTL\par
[2011/09/23 08:30:22 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Wayne\\Desktop\\Teresa's\par
[2011/09/21 14:53:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbamswissarmy.sys\par
[2011/09/21 14:51:12 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Wayne\\Application Data\\SUPERAntiSpyware.com\par
[2011/09/21 14:50:38 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\SUPERAntiSpyware.com\par
[2011/09/21 14:48:51 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\SpywareBlaster\par
[2011/09/21 14:48:48 | 000,000,000 | ---D | C] -- C:\\Program Files\\SpywareBlaster\par
[2011/09/21 14:47:54 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\Wayne\\Application Data\\Malwarebytes\par
[2011/09/21 14:47:43 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\All Users\\Application Data\\Malwarebytes\par
[2011/09/21 14:39:41 | 003,194,296 | ---- | C] (Javacool Software LLC ) -- C:\\Documents and Settings\\Wayne\\Desktop\\spywareblastersetup44.exe\par
[2011/09/18 09:06:33 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\NetworkService\\Local Settings\\Application Data\\Adobe\par
[2011/09/18 09:06:15 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\NetworkService\\Application Data\\Sun\par
[2011/09/16 15:18:29 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\NetworkService\\Application Data\\Macromedia\par
[2011/09/16 15:18:23 | 000,000,000 | ---D | C] -- C:\\Documents and Settings\\NetworkService\\Application Data\\Adobe\par
[1 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]\par
[1 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]\par
\par
========== Files - Modified Within 30 Days ==========\par
\par
[2011/09/28 12:18:33 | 000,000,879 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\WordPad.lnk\par
[2011/09/28 12:17:02 | 000,433,698 | ---- | M] () -- C:\\WINDOWS\\System32\\perfh009.dat\par
[2011/09/28 12:17:02 | 000,067,984 | ---- | M] () -- C:\\WINDOWS\\System32\\perfc009.dat\par
[2011/09/28 12:12:53 | 000,000,000 | ---- | M] () -- C:\\WINDOWS\\System32\\LogConfigTemp.xml\par
[2011/09/28 12:12:37 | 000,002,048 | --S- | M] () -- C:\\WINDOWS\\bootstat.dat\par
[2011/09/28 09:40:07 | 000,000,027 | ---- | M] () -- C:\\WINDOWS\\System32\\drivers\\etc\\hosts\par
[2011/09/26 12:09:14 | 000,001,158 | ---- | M] () -- C:\\WINDOWS\\System32\\wpa.dbl\par
[2011/09/22 20:33:20 | 000,000,082 | ---- | M] () -- C:\\WINDOWS\\MPLAYER.INI\par
[2011/09/22 20:32:19 | 000,485,888 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\Alf Anderson Family.FTW\par
[2011/09/22 15:24:03 | 000,001,006 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\magicJack.lnk\par
[2011/09/21 15:47:49 | 000,582,656 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\OTL.exe\par
[2011/09/21 14:53:59 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbamswissarmy.sys\par
[2011/09/21 14:48:51 | 000,000,692 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\SpywareBlaster.lnk\par
[2011/09/21 14:39:50 | 003,194,296 | ---- | M] (Javacool Software LLC ) -- C:\\Documents and Settings\\Wayne\\Desktop\\spywareblastersetup44.exe\par
[2011/09/16 03:04:31 | 000,001,374 | ---- | M] () -- C:\\WINDOWS\\imsins.BAK\par
[2011/09/09 04:12:13 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\\WINDOWS\\System32\\dllcache\\crypt32.dll\par
[2011/08/31 12:12:00 | 000,107,745 | ---- | M] () -- C:\\Documents and Settings\\Wayne\\Desktop\\abbyphone.pdf\par
[1 C:\\WINDOWS\\System32\\*.tmp files -> C:\\WINDOWS\\System32\\*.tmp -> ]\par
[1 C:\\WINDOWS\\*.tmp files -> C:\\WINDOWS\\*.tmp -> ]\par
\par
========== Files Created - No Company Name ==========\par
\par
[2011/09/28 12:18:33 | 000,000,879 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Desktop\\WordPad.lnk\par
[2011/09/27 13:57:06 | 000,256,000 | ---- | C] () -- C:\\WINDOWS\\PEV.exe\par
[2011/09/27 13:57:06 | 000,208,896 | ---- | C] () -- C:\\WINDOWS\\MBR.exe\par
[2011/09/27 13:57:06 | 000,098,816 | ---- | C] () -- C:\\WINDOWS\\sed.exe\par
[2011/09/27 13:57:06 | 000,080,412 | ---- | C] () -- C:\\WINDOWS\\grep.exe\par
[2011/09/27 13:57:06 | 000,068,096 | ---- | C] () -- C:\\WINDOWS\\zip.exe\par
[2011/09/21 15:47:46 | 000,582,656 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Desktop\\OTL.exe\par
[2011/09/21 14:48:51 | 000,000,692 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Desktop\\SpywareBlaster.lnk\par
[2011/08/31 12:12:00 | 000,107,745 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Desktop\\abbyphone.pdf\par
[2010/06/01 23:51:21 | 000,020,886 | ---- | C] () -- C:\\WINDOWS\\System32\\ddmon.dll\par
[2010/05/07 20:01:14 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\MSDraw.ini\par
[2010/03/20 21:45:18 | 000,000,016 | ---- | C] () -- C:\\WINDOWS\\RealityFusion.ini\par
[2010/03/20 21:42:55 | 000,010,240 | ---- | C] () -- C:\\WINDOWS\\System32\\vidx16.dll\par
[2010/02/23 20:53:52 | 000,000,042 | ---- | C] () -- C:\\WINDOWS\\AlchemyMindworksUpdateList.INI\par
[2010/02/23 20:45:47 | 000,212,992 | ---- | C] () -- C:\\WINDOWS\\ALCHUNIN.EXE\par
[2010/02/03 00:32:06 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\nsreg.dat\par
[2009/12/03 02:38:15 | 000,000,754 | ---- | C] () -- C:\\WINDOWS\\WORDPAD.INI\par
[2009/09/26 23:53:52 | 000,000,090 | ---- | C] () -- C:\\WINDOWS\\QBChanUtil_Trigger.ini\par
[2009/08/13 11:54:06 | 000,054,272 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Local Settings\\Application Data\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini\par
[2009/07/26 23:30:05 | 000,002,348 | ---- | C] () -- C:\\Documents and Settings\\Wayne\\Application Data\\wklnhst.dat\par
[2009/07/26 23:01:08 | 000,000,000 | ---- | C] () -- C:\\WINDOWS\\mtstack.INI\par
[2009/07/26 22:59:15 | 000,045,056 | ---- | C] () -- C:\\WINDOWS\\System32\\MTSTACK.EXE\par
[2009/07/26 02:00:00 | 000,000,376 | ---- | C] () -- C:\\WINDOWS\\ODBC.INI\par
[2009/07/26 01:10:55 | 000,210,944 | ---- | C] () -- C:\\WINDOWS\\System32\\MSVCRT10.DLL\par
[2009/07/26 01:10:55 | 000,000,114 | ---- | C] () -- C:\\WINDOWS\\kpcms.ini\par
[2009/07/26 01:02:43 | 000,000,082 | ---- | C] () -- C:\\WINDOWS\\MPLAYER.INI\par
[2009/07/25 05:42:52 | 000,000,359 | ---- | C] () -- C:\\Program Files\\German Machine Works,Inc Apr 3 2009.ND\par
[2009/07/25 02:42:21 | 000,130,348 | ---- | C] () -- C:\\WINDOWS\\hpoins12.dat\par
[2009/07/25 02:42:21 | 000,001,470 | ---- | C] () -- C:\\WINDOWS\\hpomdl12.dat\par
[2009/07/24 09:02:18 | 000,487,424 | ---- | C] () -- C:\\WINDOWS\\System32\\INT15.dll\par
[2009/03/13 12:29:26 | 000,000,061 | ---- | C] () -- C:\\WINDOWS\\smscfg.ini\par
[2009/03/13 10:38:53 | 000,000,169 | ---- | C] () -- C:\\WINDOWS\\FR-CA.INI\par
[2009/03/13 10:38:53 | 000,000,169 | ---- | C] () -- C:\\WINDOWS\\EN-CA.INI\par
[2009/03/13 10:38:53 | 000,000,168 | ---- | C] () -- C:\\WINDOWS\\ZH.INI\par
[2009/03/13 10:38:21 | 000,049,152 | ---- | C] () -- C:\\WINDOWS\\System32\\ChCfg.exe\par
[2009/03/13 10:33:52 | 000,003,948 | ---- | C] () -- C:\\WINDOWS\\System32\\drivers\\nvphy.bin\par
[2009/03/13 10:29:36 | 000,032,768 | ---- | C] () -- C:\\WINDOWS\\AMove.exe\par
[2009/03/13 10:29:36 | 000,007,492 | ---- | C] () -- C:\\WINDOWS\\System32\\oeminfo.ini\par
[2009/03/13 10:28:42 | 000,002,048 | --S- | C] () -- C:\\WINDOWS\\bootstat.dat\par
[2009/03/13 10:26:07 | 000,021,640 | ---- | C] () -- C:\\WINDOWS\\System32\\emptyregdb.dat\par
[2009/03/13 10:25:23 | 000,001,793 | ---- | C] () -- C:\\WINDOWS\\System32\\fxsperf.ini\par
[2009/03/13 10:16:25 | 001,626,112 | ---- | C] () -- C:\\WINDOWS\\System32\\nwiz.exe\par
[2009/03/13 10:16:24 | 001,703,936 | ---- | C] () -- C:\\WINDOWS\\System32\\nvwdmcpl.dll\par
[2009/03/13 10:16:24 | 001,019,904 | ---- | C] () -- C:\\WINDOWS\\System32\\nvwimg.dll\par
[2009/03/13 10:16:24 | 000,466,944 | ---- | C] () -- C:\\WINDOWS\\System32\\nvshell.dll\par
[2009/03/13 10:16:23 | 001,482,752 | ---- | C] () -- C:\\WINDOWS\\System32\\nview.dll\par
[2009/03/13 10:16:23 | 001,339,392 | ---- | C] () -- C:\\WINDOWS\\System32\\nvdspsch.exe\par
[2009/03/13 10:16:23 | 000,286,720 | ---- | C] () -- C:\\WINDOWS\\System32\\nvnt4cpl.dll\par
[2009/03/13 10:16:22 | 000,442,368 | ---- | C] () -- C:\\WINDOWS\\System32\\nvappbar.exe\par
[2009/03/13 10:16:22 | 000,425,984 | ---- | C] () -- C:\\WINDOWS\\System32\\keystone.exe\par
[2009/03/13 10:15:59 | 000,004,569 | ---- | C] () -- C:\\WINDOWS\\System32\\secupd.dat\par
[2009/03/13 10:15:58 | 000,433,698 | ---- | C] () -- C:\\WINDOWS\\System32\\perfh009.dat\par
[2009/03/13 10:15:58 | 000,272,128 | ---- | C] () -- C:\\WINDOWS\\System32\\perfi009.dat\par
[2009/03/13 10:15:58 | 000,067,984 | ---- | C] () -- C:\\WINDOWS\\System32\\perfc009.dat\par
[2009/03/13 10:15:58 | 000,028,626 | ---- | C] () -- C:\\WINDOWS\\System32\\perfd009.dat\par
[2009/03/13 10:15:58 | 000,004,524 | ---- | C] () -- C:\\WINDOWS\\System32\\oembios.dat\par
[2009/03/13 10:15:57 | 013,107,200 | ---- | C] () -- C:\\WINDOWS\\System32\\oembios.bin\par
[2009/03/13 10:15:57 | 000,000,741 | ---- | C] () -- C:\\WINDOWS\\System32\\noise.dat\par
[2009/03/13 10:15:56 | 000,673,088 | ---- | C] () -- C:\\WINDOWS\\System32\\mlang.dat\par
[2009/03/13 10:15:56 | 000,046,258 | ---- | C] () -- C:\\WINDOWS\\System32\\mib.bin\par
[2009/03/13 10:15:55 | 000,218,003 | ---- | C] () -- C:\\WINDOWS\\System32\\dssec.dat\par
[2009/03/13 10:15:54 | 000,001,804 | ---- | C] () -- C:\\WINDOWS\\System32\\Dcache.bin\par
[2009/03/13 02:22:41 | 000,004,161 | ---- | C] () -- C:\\WINDOWS\\ODBCINST.INI\par
[2009/03/13 02:22:07 | 000,526,512 | ---- | C] () -- C:\\WINDOWS\\System32\\FNTCACHE.DAT\par
[2002/11/26 21:12:16 | 000,147,456 | ---- | C] () -- C:\\WINDOWS\\System32\\lttls13n.dll\par
[2002/11/26 21:12:00 | 000,708,608 | ---- | C] () -- C:\\WINDOWS\\System32\\ltcry13n.dll\par
[1999/08/10 12:02:20 | 000,116,736 | ---- | C] () -- C:\\WINDOWS\\System32\\LFKODAK.DLL\par
[1999/08/10 12:02:16 | 000,343,040 | ---- | C] () -- C:\\WINDOWS\\System32\\lffpx7.dll\par
\par
========== Alternate Data Streams ==========\par
\par
@Alternate Data Stream - 95 bytes -> C:\\Documents and Settings\\All Users\\Application Data\\Temp:5C321E34\par
\par
< End of report >\par
}

[maliprog]

Hi realapp,

TDSSKiller removed rest of the infection and fixed keyboard driver that was infected. How is your system now? Test it after VRT scan and let me know.

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan

Click the cog in the upper right



Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow Virus Removal Tool to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post

[realapp]

Status: Disinfected (events: 25)
9/29/2011 9:09:40 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cs C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\70b162d2-4b2dcf63 High
9/29/2011 9:09:40 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\62385c74-6274a067 High
9/29/2011 9:09:40 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cw C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\52\62385c74-6274a067/mail/MailAgent.class High
9/29/2011 9:09:40 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cs C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\18\70b162d2-4b2dcf63/mail/MailAgent.class High
9/29/2011 9:09:41 AM Disinfected Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\19a918c0-4de642be High
9/29/2011 9:09:41 AM Disinfected Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\19a918c0-4de642be/Is.class High
9/29/2011 9:09:41 AM Disinfected Trojan program Trojan.Java.Agent.aa C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\19a918c0-4de642be/MyName.class High
9/29/2011 9:09:42 AM Disinfected Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\38fadb00-48ba22e6 High
9/29/2011 9:09:42 AM Disinfected Trojan program Trojan.Java.Agent.ab C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\38fadb00-48ba22e6/Is.class High
9/29/2011 9:09:41 AM Disinfected Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\19a918c0-4de642be/Phone.class High
9/29/2011 9:09:42 AM Disinfected Trojan program Trojan.Java.Agent.aa C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\38fadb00-48ba22e6/MyName.class High
9/29/2011 9:09:42 AM Disinfected Trojan program Trojan.Java.Agent.ac C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\0\38fadb00-48ba22e6/Phone.class High
9/29/2011 9:09:45 AM Disinfected Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\18\6bd08ed2-6dd6cb06 High
9/29/2011 9:09:45 AM Disinfected Trojan program Exploit.Java.Agent.dx C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\18\6bd08ed2-6dd6cb06/JavaUpdateApplication.class High
9/29/2011 9:09:45 AM Disinfected Trojan program Exploit.Java.Agent.dy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\18\6bd08ed2-6dd6cb06/JavaUpdateManager.class High
9/29/2011 9:10:12 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cu C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\2\49a4e0c2-7f5c1824 High
9/29/2011 9:10:12 AM Disinfected Trojan program Exploit.Java.CVE-2010-0840.cu C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\2\49a4e0c2-7f5c1824/mail/MailAgent.class High
9/29/2011 9:10:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\29\52ef675d-4c9bc57d High
9/29/2011 9:10:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\29\52ef675d-4c9bc57d/gogol/Emailer.class High
9/29/2011 9:10:16 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\29\52ef675d-4c9bc57d/gogol/Familie.class High
9/29/2011 9:10:16 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\29\52ef675d-4c9bc57d/gogol/PhonBook.class High
9/29/2011 9:10:49 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\5\339aa645-26e88a97 High
9/29/2011 9:10:49 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fx C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\5\339aa645-26e88a97/gogol/Emailer.class High
9/29/2011 9:10:49 AM Disinfected Trojan program Exploit.Java.Agent.f C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\5\339aa645-26e88a97/gogol/Familie.class High
9/29/2011 9:10:49 AM Disinfected Trojan program Trojan-Downloader.Java.Agent.fy C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\5\339aa645-26e88a97/gogol/PhonBook.class High
Status: Deleted (events: 31)
9/29/2011 9:11:44 AM Deleted Trojan program Exploit.Java.CVE-2010-4452.a C:\Documents and Settings\Wayne\Application Data\Sun\Java\Deployment\cache\6.0\34\37db3fe2-39175957 High
9/29/2011 10:20:05 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP646\A0058924.sys High
9/29/2011 10:20:05 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP647\A0059924.sys High
9/29/2011 10:21:11 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP648\A0060924.sys High
9/29/2011 10:21:13 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP649\A0061924.sys High
9/29/2011 10:23:17 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP650\A0062019.sys High
9/29/2011 10:23:20 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0063019.sys High
9/29/2011 10:23:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0064019.sys High
9/29/2011 10:23:41 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0065019.sys High
9/29/2011 10:23:50 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0065070.sys High
9/29/2011 10:24:08 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0065146.sys High
9/29/2011 10:24:08 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0066146.sys High
9/29/2011 10:25:57 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP651\A0067146.sys High
9/29/2011 10:26:00 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP652\A0067238.sys High
9/29/2011 10:26:04 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0068238.sys High
9/29/2011 10:26:08 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0068261.sys High
9/29/2011 10:26:10 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0068270.sys High
9/29/2011 10:26:12 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0068305.sys High
9/29/2011 10:26:13 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0069305.sys High
9/29/2011 10:26:14 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070305.sys High
9/29/2011 10:26:15 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070329.sys High
9/29/2011 10:26:16 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070345.sys High
9/29/2011 10:26:18 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070361.sys High
9/29/2011 10:26:19 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070377.sys High
9/29/2011 10:26:20 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070393.sys High
9/29/2011 10:26:22 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070410.sys High
9/29/2011 10:26:23 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0070427.sys High
9/29/2011 10:26:24 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0071427.sys High
9/29/2011 10:26:26 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0071446.sys High
9/29/2011 10:26:31 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0071475.sys High
9/29/2011 10:26:33 AM Deleted Trojan program Rootkit.Win32.ZAccess.e C:\System Volume Information\_restore{B498680B-D1B9-49BB-BA36-6806851B93D9}\RP653\A0072475.sys High

[maliprog]

How is your system now? Problems?

[realapp]

It seems to be runnning much better. Is everything clean now so I can add some antispware, etc?

[maliprog]

Hi realapp,

Your logs and system are clean now. I'm glad we fix up your computer. We need to clean up your PC from programs we used. After this you can install you favorite protection and other programs you want

Step 1

Please close all running programs and Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  
  :Commands
  [purity]
  [emptytemp]
  [emptyflash]
  [clearallrestorepoints]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done

Step 2

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update

• Click Start, click Run, type sysdm.cpl, and then press ENTER.
• Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
• Click OK button

2. Delete Temp files

Download TFC to your desktop

• Open the file and close any other windows.
• It will close all programs itself when run, make sure to let it run uninterrupted.
• Click the Start button to begin the process. The program should not take long to finish its job
• Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automatically check for newer version of software installed on your system.

[realapp]

I did all the above, Can't seem to download the TFC file. I get the Internet Exploer error that says it blocked it. Why is this?

[maliprog]

That is optional download. You can try to download it later or try with different browser (like Firefox). Hope this helps.

Goodbye and stay safe

[realapp]

Ok, Thank you for your help!

[maliprog]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.