[KeithLawrence]

I got the 2012 XP Security virus and blue screen of death on my Dell desktop.

In safe mode I can ran TDSSKiller and it found Rootkit.Win32.ZAccess.c but does nto seem to cure it and I can't run Malware as it shows as not accessable when I try to open it. I also run in safe mode TheKiller program but also does nto seem to fix anything.

Love to have some help.
Keith
Pittsburgh PA

[Advertisements]

Hi
. My name is Michael and I am here to help you fix your computer.

Note: Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Can you boot into normal mode? If yes, can you run any programs?


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here




Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:


OTL Custom Scan

• Download OTL to your Desktop
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

[michaelg9]

Hi
. My name is Michael and I am here to help you fix your computer.

Note: Before we start the process you should:

• POST your logs, don't attach them, as it makes it harder to read. Also please don't edit any log in any case
• Disable ANY programs that offer real-time protection features while executing my instructions. That includes your antivirus, antispyware, windows defender or any other program that offers protection. When you're clean or waiting for my next set of instructions, re-enable them .If you need any help disabling them, ask.
• Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.

Can you boot into normal mode? If yes, can you run any programs?


Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here




Next:



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Please, never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  

  -----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

  -----------------------------------------------------------

• Double click on combofix.exe & follow the prompts.
• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt" for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**



Next:


OTL Custom Scan

• Download OTL to your Desktop
• Double click on the icon to run it.
• Make sure all other windows are closed and to let it run uninterrupted.
• When the window appears, underneath Output at the top, make sure Stadard output is selected.
• Select Scan all users
• Check the boxes beside LOP Check and Purity Check.
• Under the Custom Scans/Fixes box copy and paste this in:
  
  netsvcs
  %SYSTEMDRIVE%\*.exe
  /md5start
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  /md5stop
  %systemroot%\*. /mp /s
  hklm\software\clients\startmenuinternet|command /rs
  hklm\software\clients\startmenuinternet|command /64 /rs
  CREATERESTOREPOINT
  
• Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
• When the scan completes, it will open OTL.Txt in Notepad window.
• Please copy (Edit->Select All, Edit->Copy) the content of this file and post it with your next reply.

[KeithLawrence]

Michael,

Thanks for the help. I used you guys about 5 years ago and "YOU ALL ARE THE BEST THIING SINCE 'CANNED BEER".

I tried to run the activities just like you had them posted but may have run into some troubles - user error or maybe the darn virius..

The Combofix seemed to lock up even after waiting an hour. So I closed it and then proceeded to the OTL.

I only got a text log from one of the procedures. I could not find the log or anything posted onto the desktop.

Here is the log I did get.

Again Many Thanks and looking forward to you continued help.
Keith

Attached Files

•  MBR.zip   499bytes   144 downloads

[michaelg9]

Hello,

Thanks for the help. I used you guys about 5 years ago and "YOU ALL ARE THE BEST THIING SINCE 'CANNED BEER".

Didn't aswMBR save the log to your Desktop after it had finished the scan?
If not, open aswmbr again, click scan and when it finishes take a screenshot of the screen showing what's aswmbr writing and post it here.
Tutorial how to take a screenshot here

Check in C:\ if that's where the OTL log (or any other log) is

[KeithLawrence]

Michael, I was able to find the AswMRB log and it is below.

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-11 22:20:56
-----------------------------
22:20:56.781 OS Version: Windows 5.1.2600 Service Pack 3
22:20:56.781 Number of processors: 1 586 0x102
22:20:56.781 ComputerName: KEITH-M9FXN5D74 UserName: Keith Lawrence
22:20:57.140 Initialize success
22:21:25.625 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:21:25.625 Disk 0 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
22:21:27.625 Disk 0 MBR read successfully
22:21:27.625 Disk 0 MBR scan
22:21:27.625 Disk 0 Windows XP default MBR code
22:21:29.625 Disk 0 scanning sectors +268430085
22:21:29.640 Disk 0 scanning C:\WINDOWS\system32\drivers
22:21:30.328 File: C:\WINDOWS\system32\drivers\afd.sys **SUSPICIOUS**
22:21:46.609 File: C:\WINDOWS\system32\drivers\netbt.sys **SUSPICIOUS**
22:22:00.171 Service scanning
22:22:01.234 Disk 0 trace - called modules:
22:22:01.250 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf1a09890]<<
22:22:01.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87397ab8]
22:22:01.250 3 CLASSPNP.SYS[f76affd7] -> nt!IofCallDriver -> [0x86b57030]
22:22:01.265 \Driver\Disk[0x86de9c30] -> IRP_MJ_CREATE -> 0xf1a09890
22:22:01.578 Scan finished successfully
22:22:13.234 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
22:22:13.296 The log file has been saved successfully to "F:\aswMBR.txt"

The OTL seems to run and start scanning but then it just closes and I cannot find a log in any drive (C or F - pen drive).

I still have a bluescreen in place of my desktop and only simple MS office programs seem to be working. No internet connection so I'm running these checks off of a pen drive.

Keith

[michaelg9]

Hello,

There's something lurking there.


Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
• Extract its contents to your desktop.
• Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  
  
  
  
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
  
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
  
  
  
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
  
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Next:

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.

[KeithLawrence]

Here you go:

2011/07/12 19:38:14.0625 3180 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/12 19:38:14.0734 3180 ================================================================================
2011/07/12 19:38:14.0734 3180 SystemInfo:
2011/07/12 19:38:14.0734 3180
2011/07/12 19:38:14.0734 3180 OS Version: 5.1.2600 ServicePack: 3.0
2011/07/12 19:38:14.0734 3180 Product type: Workstation
2011/07/12 19:38:14.0734 3180 ComputerName: KEITH-M9FXN5D74
2011/07/12 19:38:14.0734 3180 UserName: Keith Lawrence
2011/07/12 19:38:14.0734 3180 Windows directory: C:\WINDOWS
2011/07/12 19:38:14.0734 3180 System windows directory: C:\WINDOWS
2011/07/12 19:38:14.0734 3180 Processor architecture: Intel x86
2011/07/12 19:38:14.0734 3180 Number of processors: 1
2011/07/12 19:38:14.0734 3180 Page size: 0x1000
2011/07/12 19:38:14.0734 3180 Boot type: Normal boot
2011/07/12 19:38:14.0734 3180 ================================================================================
2011/07/12 19:38:15.0890 3180 Initialize success
2011/07/12 19:38:20.0484 1936 ================================================================================
2011/07/12 19:38:20.0484 1936 Scan started
2011/07/12 19:38:20.0484 1936 Mode: Manual;
2011/07/12 19:38:20.0484 1936 ================================================================================
2011/07/12 19:38:21.0828 1936 Suspicious service (NoAccess): 1142386238
2011/07/12 19:38:21.0937 1936 1142386238 (78bdf35b004b490074acea8a885cbb8d) C:\WINDOWS\system32\drivers\1142386238.sys
2011/07/12 19:38:21.0937 1936 Suspicious file (NoAccess): C:\WINDOWS\system32\drivers\1142386238.sys. md5: 78bdf35b004b490074acea8a885cbb8d
2011/07/12 19:38:21.0968 1936 1142386238 - detected LockedService.Multi.Generic (1)
2011/07/12 19:38:22.0203 1936 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/07/12 19:38:22.0296 1936 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/12 19:38:22.0406 1936 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/12 19:38:22.0562 1936 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/07/12 19:38:22.0671 1936 AFD (23d45ec189f20e70bd703f8887052d2a) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 19:38:22.0718 1936 AFD - detected Rootkit.Win32.ZAccess.c (0)
2011/07/12 19:38:22.0796 1936 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/07/12 19:38:23.0390 1936 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/07/12 19:38:23.0531 1936 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/12 19:38:23.0625 1936 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\drivers\atapi.sys
2011/07/12 19:38:23.0796 1936 ati2mpaa (9027ae586ef5f0e6a40175e92917b44c) C:\WINDOWS\system32\DRIVERS\ati2mpaa.sys
2011/07/12 19:38:23.0906 1936 ati2mtaa (075e091eebb450eedae9da74f5b46494) C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys
2011/07/12 19:38:24.0000 1936 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/12 19:38:24.0109 1936 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/12 19:38:24.0234 1936 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/07/12 19:38:24.0390 1936 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/07/12 19:38:24.0593 1936 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/12 19:38:24.0734 1936 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/12 19:38:24.0781 1936 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/12 19:38:24.0859 1936 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/12 19:38:25.0312 1936 DcCam (30e4c5de753616ba1243a05a4ff5aad2) C:\WINDOWS\system32\DRIVERS\DcCam.sys
2011/07/12 19:38:25.0406 1936 DcFpoint (a444074caaccc2e794d2e5f93d2679ee) C:\WINDOWS\system32\DRIVERS\DcFpoint.sys
2011/07/12 19:38:25.0484 1936 DCFS2K (6e770432a09617ca74cb0525edf06ef3) C:\WINDOWS\system32\drivers\dcfs2k.sys
2011/07/12 19:38:25.0546 1936 DcLps (89977377aa94d71c1dde3a82d23223cc) C:\WINDOWS\system32\DRIVERS\DcLps.sys
2011/07/12 19:38:25.0625 1936 DcPTP (ce0ae71bb5a092d5bb0b298d5bc7a208) C:\WINDOWS\system32\DRIVERS\DcPTP.sys
2011/07/12 19:38:25.0734 1936 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/12 19:38:25.0875 1936 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/12 19:38:25.0968 1936 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/12 19:38:26.0015 1936 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/12 19:38:26.0109 1936 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/12 19:38:26.0218 1936 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/12 19:38:26.0343 1936 Exportit (80fb249def6f5a157b531349e71cc6ac) C:\WINDOWS\system32\DRIVERS\exportit.sys
2011/07/12 19:38:26.0437 1936 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/12 19:38:26.0500 1936 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/12 19:38:26.0546 1936 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/12 19:38:26.0625 1936 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/12 19:38:26.0718 1936 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/07/12 19:38:26.0812 1936 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/12 19:38:26.0875 1936 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/12 19:38:26.0984 1936 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/07/12 19:38:27.0093 1936 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/12 19:38:27.0187 1936 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys
2011/07/12 19:38:27.0312 1936 HCF_MSFT (4236e014632f4163f53ebb717f41594c) C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys
2011/07/12 19:38:27.0437 1936 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/12 19:38:27.0656 1936 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/12 19:38:27.0843 1936 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/12 19:38:27.0921 1936 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/12 19:38:28.0062 1936 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/07/12 19:38:28.0156 1936 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/07/12 19:38:28.0250 1936 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/12 19:38:28.0328 1936 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/12 19:38:28.0421 1936 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/12 19:38:28.0500 1936 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/12 19:38:28.0609 1936 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/12 19:38:28.0718 1936 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/12 19:38:28.0859 1936 ISWKL (2e41433579de4381f1b0f7b30b013ddc) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
2011/07/12 19:38:28.0968 1936 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/12 19:38:29.0046 1936 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/12 19:38:29.0156 1936 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/12 19:38:29.0328 1936 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/12 19:38:29.0546 1936 libusb0 (e2f1dcf4a68cc6cf694fbfba1842f4cd) C:\WINDOWS\system32\drivers\libusb0.sys
2011/07/12 19:38:29.0687 1936 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/12 19:38:29.0796 1936 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/12 19:38:29.0890 1936 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/12 19:38:29.0984 1936 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/12 19:38:30.0062 1936 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/12 19:38:30.0218 1936 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/12 19:38:30.0328 1936 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/12 19:38:30.0453 1936 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/12 19:38:30.0562 1936 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/12 19:38:30.0671 1936 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/12 19:38:30.0765 1936 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/12 19:38:30.0843 1936 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/12 19:38:30.0921 1936 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/12 19:38:31.0031 1936 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/12 19:38:31.0078 1936 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/12 19:38:31.0156 1936 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/12 19:38:31.0218 1936 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/12 19:38:31.0328 1936 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/12 19:38:31.0390 1936 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/12 19:38:31.0484 1936 NetBT (dffdb7d5d0cf660945cad5863ee3577c) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/12 19:38:31.0484 1936 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: dffdb7d5d0cf660945cad5863ee3577c, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/07/12 19:38:31.0500 1936 NetBT - detected Rootkit.Win32.ZAccess.c (0)
2011/07/12 19:38:31.0656 1936 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/12 19:38:31.0750 1936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/12 19:38:31.0843 1936 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/12 19:38:31.0937 1936 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/12 19:38:32.0015 1936 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/12 19:38:32.0078 1936 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/12 19:38:32.0156 1936 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/12 19:38:32.0234 1936 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/12 19:38:32.0312 1936 pavboot (3adb8bd6154a3ef87496e8fce9c22493) C:\WINDOWS\system32\drivers\pavboot.sys
2011/07/12 19:38:32.0406 1936 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/12 19:38:32.0609 1936 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/12 19:38:33.0203 1936 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/12 19:38:33.0265 1936 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/12 19:38:33.0359 1936 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/12 19:38:33.0406 1936 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/12 19:38:33.0750 1936 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/12 19:38:33.0828 1936 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/12 19:38:33.0906 1936 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/12 19:38:33.0953 1936 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/12 19:38:34.0062 1936 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/12 19:38:34.0109 1936 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/12 19:38:34.0218 1936 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/12 19:38:34.0312 1936 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/12 19:38:34.0468 1936 RTL8023xp (7a64f7e115b7db0e0654e8e54147c1f1) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/07/12 19:38:34.0562 1936 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/07/12 19:38:34.0687 1936 RTL8167 (05c2613f661584190c752f6184d1c8ef) C:\WINDOWS\system32\DRIVERS\Rt86win7.sys
2011/07/12 19:38:34.0843 1936 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/12 19:38:34.0968 1936 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/12 19:38:35.0046 1936 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/12 19:38:35.0187 1936 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/12 19:38:35.0421 1936 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/12 19:38:35.0546 1936 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/12 19:38:35.0765 1936 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/12 19:38:35.0937 1936 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/12 19:38:36.0046 1936 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/12 19:38:36.0406 1936 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/12 19:38:36.0531 1936 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/12 19:38:36.0656 1936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/12 19:38:36.0734 1936 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/12 19:38:36.0828 1936 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/12 19:38:37.0062 1936 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/12 19:38:37.0218 1936 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/12 19:38:37.0343 1936 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/07/12 19:38:37.0437 1936 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/12 19:38:37.0546 1936 USBCM (d21cde1c635bcc5053463579eee453cf) C:\WINDOWS\system32\DRIVERS\Sacm2A.sys
2011/07/12 19:38:37.0640 1936 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/12 19:38:37.0734 1936 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/07/12 19:38:37.0812 1936 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/12 19:38:37.0875 1936 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/12 19:38:37.0968 1936 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/07/12 19:38:38.0078 1936 USB_RNDIS (bee793d4a059caea55d6ac20e19b3a8f) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/07/12 19:38:38.0171 1936 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/07/12 19:38:38.0328 1936 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/12 19:38:38.0437 1936 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/07/12 19:38:38.0656 1936 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/12 19:38:38.0750 1936 wandrv (30211add92098d4b5cfadbf3da01e69b) C:\WINDOWS\system32\DRIVERS\wandrv.sys
2011/07/12 19:38:38.0921 1936 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/12 19:38:39.0171 1936 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/12 19:38:39.0281 1936 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/07/12 19:38:39.0375 1936 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/07/12 19:38:39.0546 1936 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/07/12 19:38:39.0781 1936 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR12
2011/07/12 19:38:39.0890 1936 Boot (0x1200) (67d2baeff3ecf5d5d62c691cc355d09c) \Device\Harddisk0\DR0\Partition0
2011/07/12 19:38:39.0953 1936 Boot (0x1200) (0003eb602a54c8a1c58128ed2e6d7204) \Device\Harddisk1\DR12\Partition0
2011/07/12 19:38:39.0968 1936 ================================================================================
2011/07/12 19:38:39.0968 1936 Scan finished
2011/07/12 19:38:39.0968 1936 ================================================================================
2011/07/12 19:38:40.0015 3820 Detected object count: 3
2011/07/12 19:38:40.0015 3820 Actual detected object count: 3
2011/07/12 19:38:43.0437 3820 LockedService.Multi.Generic(1142386238) - User select action: Skip
2011/07/12 19:38:43.0546 3820 AFD (23d45ec189f20e70bd703f8887052d2a) C:\WINDOWS\System32\drivers\afd.sys
2011/07/12 19:38:43.0859 3820 Backup copy not found, trying to cure infected file..
2011/07/12 19:38:43.0859 3820 C:\WINDOWS\System32\drivers\afd.sys - Cure failed (FFFFFFFF)
2011/07/12 19:38:43.0859 3820 C:\WINDOWS\System32\drivers\afd.sys - processing error
2011/07/12 19:38:43.0859 3820 Rootkit.Win32.ZAccess.c(AFD) - User select action: Cure
2011/07/12 19:38:43.0968 3820 NetBT (dffdb7d5d0cf660945cad5863ee3577c) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/12 19:38:43.0984 3820 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: dffdb7d5d0cf660945cad5863ee3577c, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/07/12 19:38:51.0031 3820 Backup copy found, using it..
2011/07/12 19:38:51.0078 3820 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/07/12 19:38:51.0078 3820 Rootkit.Win32.ZAccess.c(NetBT) - User select action: Cure
2011/07/12 19:38:58.0265 3856 Deinitialize success

And:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 123):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF7B6F000 \WINDOWS\system32\KDCOM.DLL
0xF7A7F000 \WINDOWS\system32\BOOTVID.dll
0xF7639000 74501461.sys
0xF760B000 ACPI.sys
0xF7B71000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF75FA000 pci.sys
0xF766F000 isapnp.sys
0xF7B73000 intelide.sys
0xF78EF000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF767F000 MountMgr.sys
0xF75DB000 ftdisk.sys
0xF78F7000 PartMgr.sys
0xF78FF000 pavboot.sys
0xF768F000 VolSnap.sys
0xF75C3000 atapi.sys
0xF769F000 disk.sys
0xF76AF000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF75A3000 fltmgr.sys
0xF7591000 sr.sys
0xF757A000 KSecDD.sys
0xF74ED000 Ntfs.sys
0xF74C0000 NDIS.sys
0xF74A6000 Mup.sys
0xF76BF000 agp440.sys
0xF7A27000 \SystemRoot\System32\Drivers\1142386238.SYS
0xF77FF000 \SystemRoot\System32\DRIVERS\processr.sys
0xF7340000 \SystemRoot\system32\DRIVERS\ati2mtaa.sys
0xF732C000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF724E000 \SystemRoot\System32\DRIVERS\HCF_MSFT.sys
0xF7A2F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7A37000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF7A3F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF780F000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF7A47000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF781F000 \SystemRoot\System32\DRIVERS\serial.sys
0xF7AF3000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF723A000 \SystemRoot\System32\DRIVERS\parport.sys
0xF782F000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF783F000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF7217000 \SystemRoot\System32\DRIVERS\ks.sys
0xF7A4F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF784F000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7A57000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF71F3000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF71DB000 \SystemRoot\system32\drivers\ac97intc.sys
0xF71B7000 \SystemRoot\system32\drivers\portcls.sys
0xF785F000 \SystemRoot\system32\drivers\drmk.sys
0xF786F000 \SystemRoot\system32\drivers\libusb0.sys
0xF7BA1000 \SystemRoot\system32\drivers\usbd.sys
0xF7D56000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF787F000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF73A5000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF71A0000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF788F000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF789F000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7A5F000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF718F000 \SystemRoot\System32\DRIVERS\psched.sys
0xF78AF000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7A67000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF7A6F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF78BF000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A77000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7BA5000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7120000 \SystemRoot\System32\DRIVERS\update.sys
0xF738D000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF76EF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF70AE000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7997000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF7BFB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF708E000 \SystemRoot\System32\DRIVERS\DcCam.sys
0xF3B94000 \SystemRoot\System32\DRIVERS\EXPORTIT.SYS
0xF7CF5000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BFD000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF79AF000 \SystemRoot\System32\drivers\vga.sys
0xF7BFF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7C01000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79B7000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79BF000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B47000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF3B61000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF3B08000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF3AE0000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF705E000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF3A39000 \SystemRoot\System32\vsdatant.sys
0xF704E000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF3A0E000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF399E000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF703E000 \SystemRoot\System32\Drivers\Fips.SYS
0xF3CAE000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF6D3A000 \SystemRoot\System32\DRIVERS\hidusb.sys
0xF3C9E000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xF79C7000 \SystemRoot\System32\DRIVERS\usbprint.sys
0xF6D36000 \SystemRoot\System32\DRIVERS\mouhid.sys
0xF3986000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7C1D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF7B2F000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79DF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CBA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvaa.dll
0xBF060000 \SystemRoot\System32\ATMFD.DLL
0xF776F000 \SystemRoot\system32\drivers\dcfs2k.sys
0xF2916000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF7A17000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
0xF26BA000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF2665000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7B7B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF7B7F000 \SystemRoot\System32\Drivers\ASCTRM.SYS
0xF251D000 \SystemRoot\System32\DRIVERS\srv.sys
0xF2300000 \SystemRoot\system32\drivers\wdmaud.sys
0xF235D000 \SystemRoot\system32\drivers\sysaudio.sys
0xF7BE3000 \SystemRoot\system32\drivers\splitter.sys
0xF22DD000 \SystemRoot\system32\drivers\aec.sys
0xF249D000 \SystemRoot\system32\drivers\swmidi.sys
0xF248D000 \SystemRoot\system32\drivers\DMusic.sys
0xF22B2000 \SystemRoot\system32\drivers\kmixer.sys
0xF7D2A000 \SystemRoot\system32\drivers\drmkaud.sys
0xF7A1F000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 27):
0 System Idle Process
4 System
428 C:\WINDOWS\system32\smss.exe
536 csrss.exe
560 C:\WINDOWS\system32\winlogon.exe
620 C:\WINDOWS\system32\services.exe
632 C:\WINDOWS\system32\lsass.exe
804 C:\WINDOWS\system32\svchost.exe
872 svchost.exe
936 C:\WINDOWS\system32\svchost.exe
984 svchost.exe
1216 C:\WINDOWS\system32\spoolsv.exe
224 svchost.exe
532 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
820 C:\WINDOWS\system32\drivers\KodakCCS.exe
920 C:\WINDOWS\system32\libusbd-nt.exe
1068 C:\WINDOWS\system32\svchost.exe
1140 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
1396 C:\Program Files\Canon\CAL\CALMAIN.exe
932 C:\WINDOWS\explorer.exe
336 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
1256 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
400 C:\Program Files\iTunes\iTunesHelper.exe
416 C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
452 C:\WINDOWS\system32\ctfmon.exe
236 C:\Program Files\iPod\bin\iPodService.exe
344 F:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD1600JB-00REA0, Rev: 20.00K20

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

THANKS FOR STICKING WITH ME ON THIS!
Keith

[michaelg9]

Hello,

Delete the copy of Combofix you have

Download Combofix from any of the links below but rename it to explorer.exe before saving it to your Desktop.

Link 1
Link 2
Link 3


==================================

Double click on the renamed ComboFix.exe & follow the prompts.

• When finished, it will produce a report for you.
• Please post the C:\ComboFix.txt so we can continue cleaning the system.

Next:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Services
  1142386238
  
  :Files
  C:\WINDOWS\system32\drivers\1142386238.sys
  
  :Commands
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again.Make sure all other windows are closed and to let it run uninterrupted.
• Click the None button. Do not change any settings unless otherwise told to do so.
• Under the Custom Scans/Fixes box at the bottom, paste in the following:
  

  /md5start
  afd.sys
  netbt.sys
  /md5stop

• Press Run Scan
• When the scan completes, it will open a notepad window. OTL.Txt.This is saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic

[KeithLawrence]

I tried combofix as explorer but it seems to hang up and not complete.
I get a bunch of "access is denied" lines and then nothing more even after wiating up to an hour.


OTL seemed to run fine:

OTL logfile created on: 7/13/2011 11:51:33 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 762.74 Mb Available Physical Memory | 74.56% Memory free
1.39 Gb Paging File | 1.27 Gb Available in Paging File | 91.09% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 73.75 Gb Free Space | 57.62% Space Free | Partition Type: NTFS
Drive F: | 60.73 Mb Total Space | 43.72 Mb Free Space | 71.99% Space Free | Partition Type: FAT

Computer Name: KEITH-M9FXN5D74 | User Name: Keith Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: AFD.SYS >
[2011/07/01 21:31:40 | 000,276,992 | ---- | M] () MD5=23D45EC189F20E70BD703F8887052D2A -- C:\WINDOWS\system32\drivers\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008/04/13 15:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011/02/16 09:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2008/10/16 11:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008/08/14 06:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2001/08/18 08:00:00 | 000,130,688 | ---- | M] (Microsoft Corporation) MD5=560DCE566000FED5BBFCBCA321DBB84B -- C:\Boot Files\C_\WINDOWS\SYSTEM32\DRIVERS\AFD.SYS
[2001/08/18 08:00:00 | 000,130,688 | ---- | M] (Microsoft Corporation) MD5=560DCE566000FED5BBFCBCA321DBB84B -- C:\I386\AFD.SYS
[2004/08/04 02:14:14 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008/08/14 06:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011/02/16 09:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008/06/20 06:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008/06/20 07:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008/06/20 06:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008/06/20 07:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys

< MD5 for: NETBT.SYS >
[2004/08/04 02:14:37 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\$NtServicePackUninstall$\netbt.sys
[2001/08/18 08:00:00 | 000,150,272 | ---- | M] (Microsoft Corporation) MD5=58A5116194BC0AD86A6BBDBDFA5E1240 -- C:\Boot Files\C_\WINDOWS\SYSTEM32\DRIVERS\NETBT.SYS
[2001/08/18 08:00:00 | 000,150,272 | ---- | M] (Microsoft Corporation) MD5=58A5116194BC0AD86A6BBDBDFA5E1240 -- C:\I386\NETBT.SYS
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\ServicePackFiles\i386\netbt.sys
[2011/07/12 19:39:36 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\system32\drivers\netbt.sys

< End of report >


Thanks.
Keith

[michaelg9]

Hello

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :Files
  C:\WINDOWS\system32\drivers\afd.sys|C:\WINDOWS\ServicePackFiles\i386\afd.sys /replace
  
  :Commands
  [purity]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Next:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here

[KeithLawrence]

OTL logfile created on: 7/18/2011 8:31:22 PM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 679.22 Mb Available Physical Memory | 66.39% Memory free
1.39 Gb Paging File | 1.17 Gb Available in Paging File | 84.12% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 73.71 Gb Free Space | 57.58% Space Free | Partition Type: NTFS
Drive F: | 60.73 Mb Total Space | 43.63 Mb Free Space | 71.85% Space Free | Partition Type: FAT

Computer Name: KEITH-M9FXN5D74 | User Name: Keith Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 08:14:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/26 09:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/03/16 14:54:50 | 000,362,096 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,098,304 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/09 21:50:18 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2003/06/18 09:54:10 | 000,296,960 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 08:14:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (COMServer)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Start_Pending] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 09:35:18 | 000,493,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2007/01/31 15:55:42 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/09 21:50:18 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2003/06/18 09:54:10 | 000,296,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 00:02:51 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2010/05/26 09:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/29 18:47:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/05 22:30:40 | 000,104,704 | R--- | M] (Dynex ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/08/24 19:53:09 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/09 15:50:20 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/09 19:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 08:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/09 16:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: {3A79CE83-F651-4E6B-866F-1C08B657CF13}:1.9.1
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=7: C:\Program Files\Google\Google Updater\1.4.681.27779\npCIDetect7.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3A79CE83-F651-4E6B-866F-1C08B657CF13}: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\{3A79CE83-F651-4E6B-866F-1C08B657CF13} [2010/06/24 10:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 09:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 14:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 14:47:52 | 000,000,000 | ---D | M]

[2009/01/10 10:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Extensions
[2008/05/01 19:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Extensions\[email protected]
[2011/07/10 12:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions
[2010/05/25 09:34:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/13 10:25:03 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
[2010/09/15 13:03:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/10 12:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 23:42:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/06/24 10:43:45 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13}
[2011/02/07 09:30:07 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/09/16 23:41:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/16 23:41:41 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/25 22:24:10 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
O4 - HKCU..\Run: [Microsoft Works Update Detection] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Keith Lawrence\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162857106687 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec.../ols3/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/06 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{581c3128-db29-11dc-9747-0016b521fd25}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 23:21:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/13 22:43:19 | 004,149,767 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/07/02 00:28:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/02 00:28:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/02 00:28:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/02 00:28:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/02 00:27:55 | 000,000,000 | --SD | C] -- C:\ABCD
[2011/07/02 00:05:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/07/01 19:20:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith Lawrence\Recent
[2011/07/01 19:20:10 | 000,452,608 | ---- | C] (R-Tools Technology Inc.) -- C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe
[2011/04/07 13:18:29 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\wWrdTMJysnURH.exe
[2010/03/13 10:53:43 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_40_cnet.exe
[2010/03/10 23:59:16 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
[2010/03/09 19:42:48 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
[2010/03/07 20:49:52 | 034,868,752 | ---- | C] (PC Tools ) -- C:\Program Files\sdsetup_aff.exe
[2009/05/25 12:29:14 | 004,989,464 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Program Files\boost-speed-setup.exe
[2009/02/27 22:08:32 | 002,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup41.exe
[2009/01/07 19:36:23 | 054,157,776 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_176a1399.exe
[2008/10/15 14:27:09 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys
[3 C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp files -> C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 20:33:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/07/18 20:10:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/13 08:37:48 | 004,149,767 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/07/09 13:34:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/02 14:51:58 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/01 22:09:55 | 000,016,174 | -HS- | M] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b
[2011/07/01 22:09:55 | 000,016,174 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b
[2011/07/01 19:45:01 | 000,352,256 | ---- | M] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe
[2011/07/01 19:20:04 | 000,452,608 | ---- | M] (R-Tools Technology Inc.) -- C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe
[2011/06/29 10:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[3 C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp files -> C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/02 00:46:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 00:28:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/02 00:28:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/02 00:28:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/02 00:28:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/01 22:22:57 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2002.lnk
[2011/07/01 22:22:57 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2002.lnk
[2011/07/01 22:22:57 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/07/01 22:22:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/01 22:22:57 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/07/01 22:22:57 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
[2011/07/01 22:22:57 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2011/07/01 22:22:57 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Photo 2002.lnk
[2011/07/01 22:22:57 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2011/07/01 22:22:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\DellTouch.lnk
[2011/07/01 20:35:59 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/07/01 19:45:05 | 000,016,174 | -HS- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b
[2011/07/01 19:45:05 | 000,016,174 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b
[2011/07/01 19:45:01 | 000,352,256 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe
[2011/03/01 13:42:44 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\d3d9caps.dat
[2010/11/25 12:01:34 | 000,045,540 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/06/24 10:43:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Iwakuvifukifuriz.dat
[2010/06/24 10:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mxevuyozewahatew.bin
[2010/04/03 13:26:59 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/03/29 13:20:08 | 001,529,241 | ---- | C] () -- C:\Program Files\SDFix.exe
[2010/03/24 19:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\prvlcl.dat
[2010/03/07 20:33:07 | 000,154,657 | ---- | C] () -- C:\Program Files\tdsskiller.zip
[2010/03/07 10:54:36 | 000,008,988 | -HS- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\3b4272touB
[2009/05/08 20:40:57 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2009/05/08 20:40:29 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/02/27 22:12:43 | 000,177,240 | ---- | C] () -- C:\Program Files\activescan2_en.exe
[2009/02/27 22:10:30 | 000,680,960 | ---- | C] () -- C:\WINDOWS\is-JO5E9.exe
[2009/02/22 21:19:10 | 000,000,000 | ---- | C] () -- C:\Program Files\Download_SD6.0.0.362h-sdregnow-sdsetup.exe
[2009/02/22 13:54:06 | 000,000,544 | ---- | C] () -- C:\Program Files\dwpfix.reg
[2009/02/22 10:22:32 | 000,267,152 | ---- | C] () -- C:\Program Files\zaSetup_en.exe
[2009/02/12 19:07:55 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 14:27:10 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2008/10/15 14:27:09 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2008/03/31 20:47:30 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2008/03/31 20:47:29 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2008/03/31 20:47:29 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2008/03/31 20:47:29 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2007/12/30 17:01:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/22 19:53:18 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/24 19:59:49 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2006/11/05 10:12:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/11/04 10:03:46 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/01 10:59:47 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/11/01 10:37:32 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/11/01 10:30:59 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2006/11/01 01:15:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/10/31 08:37:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/31 08:09:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2006/10/24 18:34:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Keith Lawrence.ini
[2006/04/06 21:39:51 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/06 19:28:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/06 19:22:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/06 15:15:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/06 15:14:13 | 000,225,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/29 09:52:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\twainx.bin
[2005/10/02 15:00:48 | 001,138,643 | ---- | C] () -- C:\Program Files\CVS Camcorder Quickinstall v2.13.exe
[2005/08/09 12:53:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\imsins_.bin
[2005/03/19 14:04:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\twain.bin
[2005/02/12 15:02:36 | 000,001,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2005/02/12 15:02:35 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2004/12/20 10:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/24 09:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/01/24 09:25:54 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2003/12/25 10:01:04 | 000,000,838 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/12/02 19:45:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/06 08:09:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/03/22 20:10:15 | 000,001,004 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/02/10 21:29:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/02/10 21:29:32 | 000,020,992 | ---- | C] () -- C:\WINDOWS\CDAC13BA.EXE
[2003/02/10 21:29:30 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2003/02/10 21:29:12 | 000,001,754 | ---- | C] () -- C:\WINDOWS\PERWIN02.INI
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/05/16 16:44:21 | 000,000,372 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/21 09:15:32 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/08 16:26:39 | 000,000,856 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2002/04/08 16:25:33 | 000,000,510 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/03/20 18:40:00 | 000,000,920 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/02/18 19:07:21 | 000,001,599 | ---- | C] () -- C:\WINDOWS\PERWIN01.INI
[2002/01/09 19:37:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2001/12/28 03:36:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/28 03:31:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/12/28 03:28:47 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2001/12/28 03:27:35 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2001/12/28 03:27:35 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2001/12/28 03:27:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2001/12/28 03:27:33 | 000,001,378 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2001/12/28 03:27:23 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2001/12/28 03:27:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2001/12/28 03:27:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2001/12/28 03:25:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2001/12/28 03:23:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/28 02:51:40 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\YWvinNfI.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\tVvuFKIG.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\RSpvYQc.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\Rfvcua.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\qGdqKN.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\NOCmjH.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\NMvhKd.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\LyrgHddPL.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\kltHFd.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\JbkgnWbQ.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\ivtNLBYuD.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\iagtj.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxaHeFXJ.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\gNYYVAgre.exe
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\FjjGa.dll
[2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\cBgYH.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\xDxALdsy.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\tmcAbD.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\TkyEJgbc.dll
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\tgatK.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\stvySWgP.dll
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\ssTLEtQhy.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\rLfAmtM.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\rJrVlvqt.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\REfgNhvH.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\oTWWn.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\NElodklu.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\loXUYfRi.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\lmACB.dll
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\kRWuT.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\jvaDjuW.dll
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\JIKfetu.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\iBkburqy.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\fojPnE.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\dEAyAPKev.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\dcVhPoW.exe
[2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\BOkcLUhq.exe
[2001/08/18 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/10 14:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 14:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== LOP Check ==========

[2009/05/25 12:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/10/16 10:22:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/05/05 15:36:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\d4894a
[2008/12/28 21:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2009/01/07 19:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007/09/24 20:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2007/11/05 21:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/16 10:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/05/05 15:36:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PSZMRG
[2006/04/06 19:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Imaging
[2010/03/11 00:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/14 21:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/06/30 10:14:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/08/14 21:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\Auslogics
[2010/08/12 11:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\CheckPoint
[2008/12/28 21:08:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\GARMIN
[2006/04/06 19:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\InterTrust
[2007/09/24 20:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\iolo
[2009/05/08 20:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\Leadertech
[2006/11/07 20:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\OfficeUpdate12
[2008/02/14 21:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\TomTom
[2006/11/08 19:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\Uniblue
[2006/11/06 20:20:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\WinPatrol
[2010/06/24 12:17:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Keith Lawrence\Application Data\Xoxe

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software
Run date: 2011-07-18 20:37:23
-----------------------------
20:37:23.375 OS Version: Windows 5.1.2600 Service Pack 3
20:37:23.375 Number of processors: 1 586 0x102
20:37:23.375 ComputerName: KEITH-M9FXN5D74 UserName: Keith Lawrence
20:37:23.828 Initialize success
20:37:47.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:37:47.812 Disk 0 Vendor: WDC_WD1600JB-00REA0 20.00K20 Size: 152627MB BusType: 3
20:37:47.828 Disk 0 MBR read successfully
20:37:47.828 Disk 0 MBR scan
20:37:47.828 Disk 0 Windows XP default MBR code
20:37:47.828 Disk 0 scanning sectors +268430085
20:37:47.875 Disk 0 scanning C:\WINDOWS\system32\drivers
20:38:01.781 File: C:\WINDOWS\system32\drivers\serial.sys **SUSPICIOUS**
20:38:05.656 Service scanning
20:38:06.984 Disk 0 trace - called modules:
20:38:06.984 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xf77e5890]<<
20:38:06.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x873dcab8]
20:38:06.984 3 CLASSPNP.SYS[f76affd7] -> nt!IofCallDriver -> [0x872c6f08]
20:38:06.984 \Driver\Disk[0x872c3578] -> IRP_MJ_CREATE -> 0xf77e5890
20:38:06.984 Scan finished successfully
20:38:41.843 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
20:38:41.937 The log file has been saved successfully to "F:\aswMBR 7-18-11.txt"


Thanks.
Keith

Attached Files

•  MBR.zip   499bytes   137 downloads

[michaelg9]

Hello,

It seems that you got a new nasty infection since your last visit here. Please try not to use your computer much for anything else apart from fixes until I tell you it's OK. Also it would be good to disconnect it from the internet when not using it.

Warning!!
You have an information stealing trojan installed on your computer.
Backdoor Trojans, IRCBots, keyloggers and Infostealers are very dangerous because they provide a way of accessing a computer system that bypasses security mechanisms and can steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, I suggest you do the following.

• All passwords should be changed to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed using a different computer and not the infected one. If you use the infected computer, an attacker may get the new passwords and transaction information.
  
• Banking and credit card institutions should be notified of the possible security breach.

Next:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  FF - prefs.js..extensions.enabledItems: {3A79CE83-F651-4E6B-866F-1C08B657CF13}:1.9.1
  FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3A79CE83-F651-4E6B-866F-1C08B657CF13}: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\{3A79CE83-F651-4E6B-866F-1C08B657CF13} [2010/06/24 10:43:45 | 000,000,000 | ---D | M]
  [2011/05/13 10:25:03 | 000,000,000 | ---D | M] (ZoneAlarm Community Toolbar) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
  [2010/06/24 10:43:45 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13}
  O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
  O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
  O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
  O3 - HKCU\..\Toolbar\ShellBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
  O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
  O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
  O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
  O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
  O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
  O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
  O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
  O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
  O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
  [2011/07/01 19:20:10 | 000,452,608 | ---- | C] (R-Tools Technology Inc.) -- C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe
  [2011/04/07 13:18:29 | 000,548,864 | ---- | C] (GPA) -- C:\Documents and Settings\All Users\Application Data\wWrdTMJysnURH.exe
  [2010/03/13 10:53:43 | 000,891,248 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stb_all_9_40_cnet.exe
  [2010/03/10 23:59:16 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe
  [2010/03/09 19:42:48 | 003,012,768 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup42.exe
  [2010/03/07 20:49:52 | 034,868,752 | ---- | C] (PC Tools ) -- C:\Program Files\sdsetup_aff.exe
  [2009/05/25 12:29:14 | 004,989,464 | ---- | C] (Auslogics Software Pty Ltd ) -- C:\Program Files\boost-speed-setup.exe
  [2009/02/27 22:08:32 | 002,869,536 | ---- | C] (Javacool Software LLC ) -- C:\Program Files\spywareblastersetup41.exe
  [2009/01/07 19:36:23 | 054,157,776 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_176a1399.exe
  [3 C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp files -> C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp -> ]
  [2011/07/01 22:09:55 | 000,016,174 | -HS- | M] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b
  [2011/07/01 22:09:55 | 000,016,174 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b
  [2011/07/01 19:45:01 | 000,352,256 | ---- | M] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe
  [2011/07/01 19:20:04 | 000,452,608 | ---- | M] (R-Tools Technology Inc.) -- C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe
  [3 C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp files -> C:\Documents and Settings\Keith Lawrence\My Documents\*.tmp -> ]
  [2011/07/01 19:45:05 | 000,016,174 | -HS- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b
  [2011/07/01 19:45:05 | 000,016,174 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b
  [2011/07/01 19:45:01 | 000,352,256 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe
  [2010/06/24 10:43:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Iwakuvifukifuriz.dat
  [2010/06/24 10:43:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Mxevuyozewahatew.bin
  [2010/03/29 13:20:08 | 001,529,241 | ---- | C] () -- C:\Program Files\SDFix.exe
  [2010/03/07 20:33:07 | 000,154,657 | ---- | C] () -- C:\Program Files\tdsskiller.zip
  [2010/03/07 10:54:36 | 000,008,988 | -HS- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\3b4272touB
  [2009/02/27 22:12:43 | 000,177,240 | ---- | C] () -- C:\Program Files\activescan2_en.exe
  [2009/02/27 22:10:30 | 000,680,960 | ---- | C] () -- C:\WINDOWS\is-JO5E9.exe
  [2009/02/22 21:19:10 | 000,000,000 | ---- | C] () -- C:\Program Files\Download_SD6.0.0.362h-sdregnow-sdsetup.exe
  [2009/02/22 13:54:06 | 000,000,544 | ---- | C] () -- C:\Program Files\dwpfix.reg
  [2009/02/22 10:22:32 | 000,267,152 | ---- | C] () -- C:\Program Files\zaSetup_en.exe
  [2006/10/31 08:09:12 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\YWvinNfI.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\tVvuFKIG.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\RSpvYQc.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\Rfvcua.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\qGdqKN.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\NOCmjH.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\NMvhKd.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\LyrgHddPL.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\kltHFd.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\JbkgnWbQ.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\ivtNLBYuD.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\iagtj.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\hxaHeFXJ.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\gNYYVAgre.exe
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\FjjGa.dll
  [2001/08/18 08:00:00 | 000,071,902 | ---- | C] () -- C:\WINDOWS\System32\drivers\cBgYH.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\xDxALdsy.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\tmcAbD.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\TkyEJgbc.dll
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\tgatK.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\stvySWgP.dll
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\ssTLEtQhy.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\rLfAmtM.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\rJrVlvqt.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\REfgNhvH.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\oTWWn.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\NElodklu.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\loXUYfRi.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\lmACB.dll
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\kRWuT.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\drivers\jvaDjuW.dll
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\JIKfetu.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\iBkburqy.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\System32\fojPnE.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\dEAyAPKev.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\dcVhPoW.exe
  [2001/08/18 08:00:00 | 000,071,279 | ---- | C] () -- C:\WINDOWS\BOkcLUhq.exe
  [2011/05/05 15:36:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\d4894a
  [2011/05/05 15:36:27 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\PSZMRG
  
  :Services
  
  :Reg
  
  :Files
  
  :Commands
  [purity]
  [resethosts]
  [emptytemp]
  [EMPTYFLASH]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again.
• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  /md5start
  serial.sys
  Sacm2A.sys
  libusb0.sys
  /md5stop
  C:\ABCD\*.* /s
  C:\WINDOWS\System32\drivers\*.dll
  C:\WINDOWS\System32\drivers\*.exe
  

• Click the Run Scan button. Post the two logs it produces in your next reply.

[KeithLawrence]

Michael,

I have only used the PC for these fixes and since it is unable to connect to the internet, I have been running these programs off of a thumbdrive. I will unplug the cable comnnection to make sure it is not connected "behind the scenes".

I'll jump on the new help when I get home from work tonight.

Thanks for the continued help!!!
Keith

[KeithLawrence]

All processes killed
========== OTL ==========
Prefs.js: {3A79CE83-F651-4E6B-866F-1C08B657CF13}:1.9.1 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3A79CE83-F651-4E6B-866F-1C08B657CF13}: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\{3A79CE83-F651-4E6B-866F-1C08B657CF13} not found.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\searchplugin folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\META-INF folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\lib folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\defaults folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\chrome folder moved successfully.
C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} folder moved successfully.
C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13}\chrome\content folder moved successfully.
C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13}\chrome folder moved successfully.
C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\ deleted successfully.
C:\Program Files\ZoneAlarm\tbZone.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA}\ deleted successfully.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}\ not found.
File C:\Program Files\ZoneAlarm\tbZone.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}\ not found.
File C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDesktop deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\wWrdTMJysnURH.exe moved successfully.
C:\Program Files\avg_free_stb_all_9_40_cnet.exe moved successfully.
C:\Program Files\mbam-setup.exe moved successfully.
C:\Program Files\spywareblastersetup42.exe moved successfully.
File move failed. C:\Program Files\sdsetup_aff.exe scheduled to be moved on reboot.
C:\Program Files\boost-speed-setup.exe moved successfully.
C:\Program Files\spywareblastersetup41.exe moved successfully.
File move failed. C:\Program Files\avg_free_stf_en_8_176a1399.exe scheduled to be moved on reboot.
C:\Documents and Settings\Keith Lawrence\My Documents\~WRL1943.tmp deleted successfully.
C:\Documents and Settings\Keith Lawrence\My Documents\~WRL2832.tmp deleted successfully.
C:\Documents and Settings\Keith Lawrence\My Documents\~WRL3148.tmp deleted successfully.
C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b moved successfully.
C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b moved successfully.
C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe moved successfully.
File C:\Documents and Settings\All Users\Application Data\VDPLtsHLVdsd.exe not found.
File C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\031g7vv05gcak80b not found.
File C:\Documents and Settings\All Users\Application Data\031g7vv05gcak80b not found.
File C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\rpa.exe not found.
C:\WINDOWS\Iwakuvifukifuriz.dat moved successfully.
C:\WINDOWS\Mxevuyozewahatew.bin moved successfully.
C:\Program Files\SDFix.exe moved successfully.
C:\Program Files\tdsskiller.zip moved successfully.
C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\3b4272touB moved successfully.
C:\Program Files\activescan2_en.exe moved successfully.
C:\WINDOWS\is-JO5E9.exe moved successfully.
C:\Program Files\Download_SD6.0.0.362h-sdregnow-sdsetup.exe moved successfully.
C:\Program Files\dwpfix.reg moved successfully.
C:\Program Files\zaSetup_en.exe moved successfully.
C:\WINDOWS\jautoexp.dat moved successfully.
C:\WINDOWS\system32\drivers\YWvinNfI.dll moved successfully.
C:\WINDOWS\system32\drivers\tVvuFKIG.exe moved successfully.
C:\WINDOWS\system32\RSpvYQc.exe moved successfully.
C:\WINDOWS\Rfvcua.exe moved successfully.
C:\WINDOWS\system32\drivers\qGdqKN.dll moved successfully.
C:\WINDOWS\system32\NOCmjH.exe moved successfully.
C:\WINDOWS\system32\drivers\NMvhKd.exe moved successfully.
C:\WINDOWS\LyrgHddPL.exe moved successfully.
C:\WINDOWS\system32\drivers\kltHFd.dll moved successfully.
C:\WINDOWS\system32\drivers\JbkgnWbQ.exe moved successfully.
C:\WINDOWS\system32\drivers\ivtNLBYuD.exe moved successfully.
C:\WINDOWS\system32\drivers\iagtj.dll moved successfully.
C:\WINDOWS\system32\drivers\hxaHeFXJ.dll moved successfully.
C:\WINDOWS\gNYYVAgre.exe moved successfully.
C:\WINDOWS\system32\drivers\FjjGa.dll moved successfully.
C:\WINDOWS\system32\drivers\cBgYH.exe moved successfully.
C:\WINDOWS\system32\drivers\xDxALdsy.exe moved successfully.
C:\WINDOWS\tmcAbD.exe moved successfully.
C:\WINDOWS\system32\drivers\TkyEJgbc.dll moved successfully.
C:\WINDOWS\system32\tgatK.exe moved successfully.
C:\WINDOWS\system32\drivers\stvySWgP.dll moved successfully.
C:\WINDOWS\system32\ssTLEtQhy.exe moved successfully.
C:\WINDOWS\rLfAmtM.exe moved successfully.
C:\WINDOWS\system32\drivers\rJrVlvqt.exe moved successfully.
C:\WINDOWS\system32\REfgNhvH.exe moved successfully.
C:\WINDOWS\oTWWn.exe moved successfully.
C:\WINDOWS\system32\NElodklu.exe moved successfully.
C:\WINDOWS\system32\loXUYfRi.exe moved successfully.
C:\WINDOWS\system32\drivers\lmACB.dll moved successfully.
C:\WINDOWS\system32\kRWuT.exe moved successfully.
C:\WINDOWS\system32\drivers\jvaDjuW.dll moved successfully.
C:\WINDOWS\system32\JIKfetu.exe moved successfully.
C:\WINDOWS\iBkburqy.exe moved successfully.
C:\WINDOWS\system32\fojPnE.exe moved successfully.
C:\WINDOWS\dEAyAPKev.exe moved successfully.
C:\WINDOWS\dcVhPoW.exe moved successfully.
C:\WINDOWS\BOkcLUhq.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\d4894a\Quarantine Items folder moved successfully.
C:\Documents and Settings\All Users\Application Data\d4894a\PSGSys folder moved successfully.
C:\Documents and Settings\All Users\Application Data\d4894a folder moved successfully.
C:\Documents and Settings\All Users\Application Data\PSZMRG folder moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise Lawrence
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keith Lawrence
->Temp folder emptied: 1064322 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mike
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mike Lawrence
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Owner
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Sean
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Sean Lawrence
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Denise Lawrence

User: Keith Lawrence
->Flash cache emptied: 0 bytes

User: LocalService

User: Mike
->Flash cache emptied: 0 bytes

User: Mike Lawrence

User: NetworkService

User: Owner

User: Sean
->Flash cache emptied: 0 bytes

User: Sean Lawrence

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07192011_222748

Files\Folders moved on Reboot...
File move failed. C:\Program Files\sdsetup_aff.exe scheduled to be moved on reboot.
File move failed. C:\Program Files\avg_free_stf_en_8_176a1399.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...



OTL logfile created on: 7/19/2011 10:39:55 PM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 652.91 Mb Available Physical Memory | 63.82% Memory free
1.39 Gb Paging File | 1.14 Gb Available in Paging File | 81.44% Paging File free
Paging file location(s): C:\pagefile.sys 500 1000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 128.00 Gb Total Space | 73.74 Gb Free Space | 57.61% Space Free | Partition Type: NTFS
Drive F: | 60.73 Mb Total Space | 12.90 Mb Free Space | 21.25% Space Free | Partition Type: FAT

Computer Name: KEITH-M9FXN5D74 | User Name: Keith Lawrence | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/10 08:14:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/24 05:38:16 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/05/26 09:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2009/03/16 14:54:50 | 000,362,096 | ---- | M] (Auslogics) -- C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/31 15:55:42 | 000,098,304 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/03/09 21:50:18 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2003/08/29 20:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 12:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2003/06/18 09:54:10 | 000,296,960 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe


========== Modules (SafeList) ==========

MOD - [2011/07/10 08:14:48 | 000,579,584 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (COMServer)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/09/01 15:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Start_Pending] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/05/26 09:35:18 | 000,493,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2007/01/31 15:55:42 | 000,098,304 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/03/09 21:50:18 | 000,020,992 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2003/06/18 09:54:10 | 000,296,960 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)


========== Driver Services (SafeList) ==========

DRV - [2011/07/02 00:02:51 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2010/05/26 09:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/09/29 18:47:18 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/05/05 22:30:40 | 000,104,704 | R--- | M] (Dynex ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2006/08/24 19:53:09 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/03/09 15:50:20 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/06/09 19:42:38 | 000,015,429 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sacm2A.sys -- (USBCM)
DRV - [2003/06/18 09:53:08 | 000,138,485 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2003/06/18 09:53:08 | 000,063,002 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2003/06/18 09:53:08 | 000,061,568 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2003/06/18 09:53:08 | 000,038,997 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2003/06/18 09:53:08 | 000,036,826 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2003/06/18 09:53:08 | 000,008,058 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2001/08/17 09:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 08:48:52 | 000,281,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpaa.sys -- (ati2mpaa)
DRV - [2001/08/09 16:25:22 | 000,022,608 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.gopher: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "localhost"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=7: C:\Program Files\Google\Google Updater\1.4.681.27779\npCIDetect7.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3A79CE83-F651-4E6B-866F-1C08B657CF13}: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\{3A79CE83-F651-4E6B-866F-1C08B657CF13}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 09:30:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/29 14:47:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/29 14:47:52 | 000,000,000 | ---D | M]

[2009/01/10 10:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Extensions
[2008/05/01 19:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Extensions\[email protected]
[2011/07/10 12:22:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions
[2010/05/25 09:34:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/15 13:03:30 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Keith Lawrence\Application Data\Mozilla\Firefox\Profiles\i5aydvc4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/07/10 12:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/16 23:42:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\I5AYDVC4.DEFAULT\EXTENSIONS\{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\KEITH LAWRENCE\LOCAL SETTINGS\APPLICATION DATA\{3A79CE83-F651-4E6B-866F-1C08B657CF13}
[2011/02/07 09:30:07 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2010/09/16 23:41:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/09/16 23:41:41 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/12/25 22:24:10 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\mozilla firefox\plugins\NPZoneSB.dll

O1 HOSTS File: ([2011/07/19 22:29:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - File not found
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Auslogics BoostSpeed 4] C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
O4 - HKCU..\Run: [Microsoft Works Update Detection] File not found
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\Keith Lawrence\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://www.kaspersky...can_unicode.cab (CKAVWebScan Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1162857106687 (MUWebControl Class)
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} http://mediaplayer.w...ler/install.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} http://support.f-sec.../ols3/fscax.cab (F-Secure Online Scanner 3.0)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,26/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/06 19:25:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{581c3128-db29-11dc-9747-0016b521fd25}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/13 23:21:31 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/07/13 22:43:19 | 004,149,767 | R--- | C] (Swearware) -- C:\ComboFix.exe
[2011/07/02 00:28:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/07/02 00:28:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/07/02 00:28:05 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/07/02 00:28:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/07/02 00:27:55 | 000,000,000 | --SD | C] -- C:\ABCD
[2011/07/02 00:05:27 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/07/01 19:20:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Keith Lawrence\Recent
[2010/03/07 20:49:52 | 034,868,752 | ---- | C] (PC Tools ) -- C:\Program Files\sdsetup_aff.exe
[2009/01/07 19:36:23 | 054,157,776 | ---- | C] (AVG Technologies) -- C:\Program Files\avg_free_stf_en_8_176a1399.exe
[2008/10/15 14:27:09 | 000,015,429 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\Sacm2A.sys

========== Files - Modified Within 30 Days ==========

[2011/07/19 22:43:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job
[2011/07/19 22:33:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 22:29:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/19 22:21:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/13 08:37:48 | 004,149,767 | R--- | M] (Swearware) -- C:\ComboFix.exe
[2011/07/02 14:51:58 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 00:02:51 | 000,295,168 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/06/29 10:38:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/26 15:37:58 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

========== Files Created - No Company Name ==========

[2011/07/02 00:46:30 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/02 00:28:05 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/07/02 00:28:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/07/02 00:28:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/07/02 00:28:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/07/01 22:22:57 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Streets & Trips 2002.lnk
[2011/07/01 22:22:57 | 000,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2002.lnk
[2011/07/01 22:22:57 | 000,001,853 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
[2011/07/01 22:22:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/07/01 22:22:57 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2011/07/01 22:22:57 | 000,001,687 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Solution Center.lnk
[2011/07/01 22:22:57 | 000,001,549 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works.lnk
[2011/07/01 22:22:57 | 000,001,535 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Picture It! Photo 2002.lnk
[2011/07/01 22:22:57 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat Reader 5.0.lnk
[2011/07/01 22:22:57 | 000,000,453 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\DellTouch.lnk
[2011/07/01 20:35:59 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/03/01 13:42:44 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\d3d9caps.dat
[2010/11/25 12:01:34 | 000,045,540 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/03 13:26:59 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/03/24 19:16:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\prvlcl.dat
[2009/05/08 20:40:57 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2009/05/08 20:40:29 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2009/02/12 19:07:55 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/15 14:27:10 | 000,053,693 | R--- | C] () -- C:\WINDOWS\UNDPX2A.sys
[2008/10/15 14:27:09 | 000,135,168 | R--- | C] () -- C:\WINDOWS\UNDPX2A.exe
[2008/03/31 20:47:30 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\keydb.dll
[2008/03/31 20:47:29 | 000,302,592 | ---- | C] () -- C:\WINDOWS\System32\pgp.dll
[2008/03/31 20:47:29 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\simple.dll
[2008/03/31 20:47:29 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\bn.dll
[2007/12/30 17:01:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/03/22 19:53:18 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/24 19:59:49 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2006/11/05 10:12:40 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/11/04 10:03:46 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/01 10:59:47 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/11/01 10:37:32 | 000,004,212 | ---- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/11/01 10:30:59 | 000,021,312 | ---- | C] () -- C:\WINDOWS\choice.exe
[2006/11/01 01:15:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/10/31 08:37:14 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/10/24 18:34:53 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Keith Lawrence.ini
[2006/04/06 21:39:51 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/06 19:28:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/04/06 19:22:31 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/04/06 15:15:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/04/06 15:14:13 | 000,225,616 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/10/29 09:52:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\twainx.bin
[2005/10/02 15:00:48 | 001,138,643 | ---- | C] () -- C:\Program Files\CVS Camcorder Quickinstall v2.13.exe
[2005/08/09 12:53:27 | 000,000,001 | ---- | C] () -- C:\WINDOWS\imsins_.bin
[2005/03/19 14:04:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\twain.bin
[2005/02/12 15:02:36 | 000,001,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2005/02/12 15:02:35 | 000,001,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu.sys
[2004/12/20 10:08:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/01/24 09:37:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2004/01/24 09:25:54 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2003/12/25 10:01:04 | 000,000,838 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2003/12/02 19:45:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/06 08:09:28 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/03/22 20:10:15 | 000,001,004 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2003/02/10 21:29:32 | 000,202,752 | ---- | C] () -- C:\WINDOWS\CDAC14BA.DLL
[2003/02/10 21:29:32 | 000,020,992 | ---- | C] () -- C:\WINDOWS\CDAC13BA.EXE
[2003/02/10 21:29:30 | 000,011,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\CdaC15BA.SYS
[2003/02/10 21:29:12 | 000,001,754 | ---- | C] () -- C:\WINDOWS\PERWIN02.INI
[2003/02/04 08:22:30 | 000,181,312 | ---- | C] () -- C:\WINDOWS\System32\ScsiAccess.EXE
[2002/05/16 16:44:21 | 000,000,372 | ---- | C] () -- C:\WINDOWS\KA.INI
[2002/04/21 09:15:32 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\Keith Lawrence\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/04/08 16:26:39 | 000,000,856 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2002/04/08 16:25:33 | 000,000,510 | ---- | C] () -- C:\WINDOWS\EReg515.dat
[2002/03/20 18:40:00 | 000,000,920 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2002/02/18 19:07:21 | 000,001,599 | ---- | C] () -- C:\WINDOWS\PERWIN01.INI
[2002/01/09 19:37:51 | 000,000,035 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2001/12/28 03:36:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2001/12/28 03:31:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2001/12/28 03:28:47 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\saverrc.dll
[2001/12/28 03:27:35 | 000,000,312 | ---- | C] () -- C:\WINDOWS\MMKEYBD.INI
[2001/12/28 03:27:35 | 000,000,269 | ---- | C] () -- C:\WINDOWS\MSIOSD.INI
[2001/12/28 03:27:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\msiosd32.dll
[2001/12/28 03:27:33 | 000,001,378 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2001/12/28 03:27:23 | 000,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2001/12/28 03:27:07 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2001/12/28 03:27:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2001/12/28 03:25:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
[2001/12/28 03:23:51 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2001/12/28 02:51:40 | 000,000,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,432,778 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,067,734 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/08/10 14:14:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ImapiRoxPS.dll
[2001/08/06 14:41:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\Nhksrv.exe
[2000/09/08 16:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1997/11/17 17:13:16 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

========== Custom Scans ==========



< MD5 for: LIBUSB0.SYS >
[2005/03/09 15:50:20 | 000,033,792 | ---- | M] () MD5=E2F1DCF4A68CC6CF694FBFBA1842F4CD -- C:\Program Files\CamcorderKit020\Drivers\libusb-win32-device-bin-0.1.10.1\bin\libusb0.sys
[2005/03/09 15:50:20 | 000,033,792 | ---- | M] () MD5=E2F1DCF4A68CC6CF694FBFBA1842F4CD -- C:\Program Files\CVS Camcorder Quickinstall 2.13\libusb-win32-device-bin-0.1.10.1\bin\libusb0.sys
[2005/03/09 16:50:20 | 000,033,792 | ---- | M] () MD5=E2F1DCF4A68CC6CF694FBFBA1842F4CD -- C:\Program Files\LibUSB-Win32-0.1.10.1\libusb-win32-device-bin-0.1.10.1\libusb-win32-device-bin-0.1.10.1\bin\libusb0.sys
[2005/03/09 15:50:20 | 000,033,792 | ---- | M] () MD5=E2F1DCF4A68CC6CF694FBFBA1842F4CD -- C:\WINDOWS\system32\drivers\libusb0.sys

< MD5 for: SACM2A.SYS >
[2004/06/09 19:42:38 | 000,015,429 | R--- | M] ( ) MD5=D21CDE1C635BCC5053463579EEE453CF -- C:\WINDOWS\system32\drivers\Sacm2A.sys

< MD5 for: SERIAL.SYS >
[2006/11/01 01:19:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:serial.sys
[2006/11/06 23:05:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:serial.sys
[2008/09/22 08:17:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:serial.sys
[2006/11/01 01:19:30 | 012,091,533 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:serial.sys
[2006/11/06 23:05:58 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:serial.sys
[2008/09/22 08:17:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:serial.sys
[2001/08/18 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1A315877D2EFCC2D0FF892D6BDB845B5 -- C:\Boot Files\C_\WINDOWS\SYSTEM32\DRIVERS\SERIAL.SYS
[2001/08/18 08:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=1A315877D2EFCC2D0FF892D6BDB845B5 -- C:\I386\SERIAL.SYS
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\ServicePackFiles\i386\serial.sys
[2011/07/01 23:58:13 | 000,064,512 | ---- | M] (Microsoft Corporation) MD5=CCA207A8896D4C6A0C9CE29A4AE411A7 -- C:\WINDOWS\system32\drivers\serial.sys
[2004/08/04 02:15:52 | 000,064,896 | ---- | M] (Microsoft Corporation) MD5=CD9404D115A00D249F70A371B46D5A26 -- C:\WINDOWS\$NtServicePackUninstall$\serial.sys

< C:\ABCD\*.* /s >
[2011/07/02 00:28:04 | 000,052,784 | ---- | M] () -- C:\ABCD\023.dat
[2010/11/26 15:07:20 | 000,002,181 | ---- | M] () -- C:\ABCD\023v.dat
[2010/02/12 13:55:28 | 000,000,660 | ---- | M] () -- C:\ABCD\023w7.dat
[2011/07/02 00:28:22 | 000,000,237 | ---- | M] () -- C:\ABCD\AppData.folder.dat
[2000/08/30 20:00:00 | 000,006,760 | ---- | M] () -- C:\ABCD\appinit.bad
[2009/07/13 11:09:30 | 000,000,602 | ---- | M] () -- C:\ABCD\asp.str
[2010/04/15 10:11:36 | 000,004,144 | ---- | M] () -- C:\ABCD\Assoc.cmd
[2011/07/02 00:28:28 | 000,039,748 | ---- | M] () -- C:\ABCD\attr.dat
[2008/04/13 20:12:12 | 000,012,288 | R--- | M] () -- C:\ABCD\ATTRIB.cfxxe
[2011/07/02 00:28:39 | 000,016,534 | ---- | M] () -- C:\ABCD\autorun_inf.dat
[2011/07/02 00:28:39 | 000,003,257 | ---- | M] () -- C:\ABCD\autorun_infB.dat
[2011/06/27 22:39:32 | 000,004,476 | ---- | M] () -- C:\ABCD\av.cmd
[2010/12/15 11:02:04 | 000,002,933 | ---- | M] () -- C:\ABCD\av.vbs
[2011/06/26 11:15:58 | 000,000,666 | ---- | M] () -- C:\ABCD\AWF.cmd
[2011/07/02 00:28:05 | 000,000,000 | ---- | M] () -- C:\ABCD\badclsid
[2011/06/10 12:01:50 | 000,005,024 | ---- | M] () -- C:\ABCD\Boot-Rk.cmd
[2011/05/30 12:39:20 | 000,008,412 | ---- | M] () -- C:\ABCD\Boot.bat
[2010/07/27 04:55:16 | 000,000,875 | ---- | M] () -- C:\ABCD\BootDrv.vbs
[2011/07/02 00:28:39 | 000,000,752 | ---- | M] () -- C:\ABCD\borlander_file.dat
[2011/07/02 00:28:39 | 000,000,242 | ---- | M] () -- C:\ABCD\borlander_folder.dat
[2011/06/28 19:08:50 | 000,062,820 | ---- | M] () -- C:\ABCD\c.bat
[2011/07/02 00:27:57 | 000,000,000 | ---- | M] () -- C:\ABCD\c.mrk
[2011/07/02 00:28:22 | 000,000,332 | ---- | M] () -- C:\ABCD\Cache.folder.dat
[2010/10/21 04:45:48 | 000,001,080 | ---- | M] () -- C:\ABCD\Catch-sub.cmd
[2009/04/17 05:37:10 | 000,147,456 | R--- | M] () -- C:\ABCD\catchme.cfxxe
[2011/07/02 00:27:57 | 000,000,094 | ---- | M] () -- C:\ABCD\CCS.bat
[2011/06/26 11:17:16 | 000,030,027 | ---- | M] () -- C:\ABCD\CF-Script.cmd
[2011/07/02 00:27:44 | 000,389,120 | R--- | M] () -- C:\ABCD\CF21197.cfxxe
[2011/07/02 00:28:46 | 000,008,192 | ---- | M] () -- C:\ABCD\cfdummy
[2011/07/02 00:28:39 | 004,476,317 | ---- | M] () -- C:\ABCD\Cfiles.dat
[2011/07/02 00:28:38 | 000,877,288 | ---- | M] () -- C:\ABCD\Cfolders.dat
[2011/07/02 00:27:49 | 000,000,019 | ---- | M] () -- C:\ABCD\CHCP.bat
[2011/07/02 00:28:40 | 000,861,514 | ---- | M] () -- C:\ABCD\ClistB.dat
[2011/07/01 15:26:24 | 000,268,592 | ---- | M] () -- C:\ABCD\clsid.c
[2011/07/02 00:28:05 | 000,000,000 | ---- | M] () -- C:\ABCD\clsid.dat
[2011/07/02 00:28:07 | 005,017,600 | ---- | M] () -- C:\ABCD\clsid.hiv
[2011/07/02 00:27:44 | 000,389,120 | ---- | M] () -- C:\ABCD\cmd.cfxxe
[2010/08/19 11:16:34 | 000,001,024 | ---- | M] () -- C:\ABCD\Combo-Fix.sys
[2011/06/03 05:38:18 | 000,007,725 | ---- | M] () -- C:\ABCD\Combobatch.bat
[2000/08/30 20:00:00 | 000,236,032 | R--- | M] () -- C:\ABCD\ComboFix-Download.cfxxe
[2011/07/02 00:28:24 | 000,003,692 | ---- | M] () -- C:\ABCD\ConEnv.sed
[2011/07/02 00:28:22 | 000,000,154 | ---- | M] () -- C:\ABCD\Cookies.folder.dat
[2011/06/26 11:26:26 | 000,018,983 | ---- | M] () -- C:\ABCD\Create.cmd
[2011/07/01 07:49:28 | 000,557,865 | ---- | M] () -- C:\ABCD\Creg.dat
[2011/05/07 07:01:04 | 000,003,697 | ---- | M] () -- C:\ABCD\CregC.cmd
[2010/04/17 05:21:48 | 000,000,472 | ---- | M] () -- C:\ABCD\CregC.dat
[2011/07/02 00:28:11 | 000,000,971 | ---- | M] () -- C:\ABCD\CregC_.dat
[2008/05/07 05:07:23 | 000,135,168 | R--- | M] () -- C:\ABCD\CSCRIPT.cfxxe
[2011/06/03 05:43:34 | 000,001,723 | ---- | M] () -- C:\ABCD\CSet.cmd
[2011/07/02 00:28:02 | 000,000,000 | ---- | M] () -- C:\ABCD\d-delA.dat
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\d-del_A.dat
[2011/06/06 05:52:50 | 000,101,376 | R--- | M] () -- C:\ABCD\dd.cfxxe
[2009/05/24 21:59:50 | 000,007,983 | ---- | M] () -- C:\ABCD\ddsDo.sed
[2011/05/07 07:25:14 | 000,001,948 | ---- | M] () -- C:\ABCD\DelClsid.bat
[2011/07/02 00:28:22 | 000,000,099 | ---- | M] () -- C:\ABCD\Desktop.folder.dat
[2011/07/02 00:27:57 | 000,000,113 | ---- | M] () -- C:\ABCD\desktop.ini
[2011/07/02 00:27:47 | 000,000,006 | ---- | M] () -- C:\ABCD\DisclaimED.dat
[2011/07/02 00:28:27 | 000,003,193 | ---- | M] () -- C:\ABCD\dll_whitelist.dat
[2011/07/02 00:28:27 | 000,020,472 | ---- | M] () -- C:\ABCD\dnd.dat
[2000/08/30 20:00:00 | 000,000,746 | ---- | M] () -- C:\ABCD\DPF.str
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\Drive.folder.dat
[2011/07/02 00:28:39 | 000,000,054 | ---- | M] () -- C:\ABCD\DriveFile.dat
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\Drives.dat
[2010/04/18 14:44:24 | 000,000,650 | ---- | M] () -- C:\ABCD\DrvRun.vbs
[2000/08/30 20:00:00 | 000,051,200 | R--- | M] () -- C:\ABCD\dumphive.cfxxe
[2000/08/30 20:00:00 | 000,000,303 | ---- | M] () -- C:\ABCD\embedded.sed
[2011/07/02 00:28:28 | 000,000,611 | ---- | M] () -- C:\ABCD\Env.sed
[2005/10/20 08:02:28 | 000,163,328 | ---- | M] () -- C:\ABCD\ERDNT.e_e
[2000/08/30 20:00:00 | 000,002,815 | ---- | M] () -- C:\ABCD\ERDNTDOS.LOC
[2000/08/30 20:00:00 | 000,003,275 | ---- | M] () -- C:\ABCD\ERDNTWIN.LOC
[2005/10/20 08:00:28 | 000,394,752 | R--- | M] () -- C:\ABCD\ERUNT.cfxxe
[2011/07/02 00:27:57 | 000,000,010 | ---- | M] () -- C:\ABCD\erunt.dat
[2000/08/30 20:00:00 | 000,004,090 | ---- | M] () -- C:\ABCD\ERUNT.LOC
[2011/05/13 14:56:48 | 000,015,016 | ---- | M] () -- C:\ABCD\Exe.reg
[2000/08/30 20:00:00 | 000,052,736 | R--- | M] () -- C:\ABCD\extract.cfxxe
[2011/07/02 00:28:22 | 000,000,155 | ---- | M] () -- C:\ABCD\Favorites.folder.dat
[2011/06/26 11:27:04 | 000,009,074 | ---- | M] () -- C:\ABCD\FD-SV.cmd
[2010/08/29 16:45:48 | 000,038,901 | ---- | M] () -- C:\ABCD\ffdefstr.dll
[2000/08/30 20:00:00 | 000,145,920 | R--- | M] () -- C:\ABCD\FileKill.cfxxe
[2011/07/01 15:26:24 | 000,003,186 | ---- | M] () -- C:\ABCD\files.pif
[2010/08/09 16:32:44 | 000,000,677 | ---- | M] () -- C:\ABCD\Fin.dat
[2011/06/26 11:29:46 | 000,034,183 | ---- | M] () -- C:\ABCD\FIND3M.bat
[2011/06/09 14:54:56 | 000,005,926 | ---- | M] () -- C:\ABCD\FIXLSP.bat
[2011/06/26 11:29:58 | 000,001,088 | ---- | M] () -- C:\ABCD\FKMGen.cmd
[2011/07/02 00:28:00 | 000,000,880 | ---- | M] () -- C:\ABCD\ForeignWht
[2011/07/02 00:28:19 | 000,000,000 | ---- | M] () -- C:\ABCD\f_system
[2011/07/02 00:28:25 | 000,000,000 | ---- | M] () -- C:\ABCD\Gateway
[2011/06/03 05:43:34 | 000,006,090 | ---- | M] () -- C:\ABCD\GetHive.cmd
[2011/07/02 00:28:39 | 000,016,089 | ---- | M] () -- C:\ABCD\GOLDUN.DAT
[2000/08/30 20:00:00 | 000,080,412 | R--- | M] () -- C:\ABCD\grep.cfxxe
[2000/08/30 20:00:00 | 000,015,360 | R--- | M] () -- C:\ABCD\gsar.cfxxe
[2008/11/18 01:15:14 | 000,417,136 | R--- | M] () -- C:\ABCD\handle.cfxxe
[2008/12/11 08:11:44 | 000,015,872 | R--- | M] () -- C:\ABCD\HDPEInfo.cfxxe
[2005/08/15 13:54:58 | 000,001,536 | R--- | M] () -- C:\ABCD\hidec.cfxxe
[2009/10/20 05:25:36 | 000,000,954 | ---- | M] () -- C:\ABCD\history.bat
[2011/07/02 00:28:22 | 000,000,199 | ---- | M] () -- C:\ABCD\History.folder.dat
[2009/04/20 00:56:28 | 000,060,416 | ---- | M] () -- C:\ABCD\iexplore.exe
[2000/08/30 20:00:00 | 000,001,057 | ---- | M] () -- C:\ABCD\image001.gif
[2010/09/04 19:07:30 | 000,000,224 | ---- | M] () -- C:\ABCD\Imefile.dat
[2011/03/08 21:49:06 | 000,001,374 | ---- | M] () -- C:\ABCD\katch.cmd
[2011/07/02 00:28:52 | 000,000,248 | ---- | M] () -- C:\ABCD\katchNT-OS
[2011/07/02 00:28:08 | 000,000,000 | ---- | M] () -- C:\ABCD\Keith Lawrence.user.cf
[2011/06/03 05:43:34 | 000,001,896 | ---- | M] () -- C:\ABCD\Kill-All.cmd
[2011/07/02 00:27:57 | 000,000,015 | ---- | M] () -- C:\ABCD\kmd.dat
[2011/06/29 14:38:30 | 000,250,104 | ---- | M] () -- C:\ABCD\Lang.bat
[2011/06/28 13:49:36 | 000,020,848 | ---- | M] () -- C:\ABCD\List-B.bat
[2011/06/30 10:47:50 | 000,251,375 | ---- | M] () -- C:\ABCD\List-C.bat
[2010/12/15 13:49:00 | 000,003,246 | ---- | M] () -- C:\ABCD\lnkread.vbs
[2011/07/02 00:28:22 | 000,000,226 | ---- | M] () -- C:\ABCD\LocalAppData.folder.dat
[2000/08/30 20:00:00 | 000,000,225 | ---- | M] () -- C:\ABCD\LocalService.dat
[2000/08/30 20:00:00 | 000,000,091 | ---- | M] () -- C:\ABCD\LocalServiceNetworkRestricted.dat
[2011/07/02 00:28:22 | 000,000,234 | ---- | M] () -- C:\ABCD\LocalSettings.folder.dat
[2000/08/30 20:00:00 | 000,000,198 | ---- | M] () -- C:\ABCD\LocalSystemNetworkRestricted.dat
[2009/10/24 18:11:34 | 000,184,320 | R--- | M] () -- C:\ABCD\mbr.cfxxe
[2010/08/28 23:30:24 | 000,002,141 | ---- | M] () -- C:\ABCD\mbr.chk
[2011/07/01 15:26:24 | 000,006,630 | ---- | M] () -- C:\ABCD\md5sum.pif
[2011/05/06 16:57:06 | 000,002,856 | ---- | M] () -- C:\ABCD\MoveIt.bat
[2000/08/30 20:00:00 | 000,011,264 | R--- | M] () -- C:\ABCD\mtee.cfxxe
[2011/07/02 00:27:47 | 000,000,164 | ---- | M] () -- C:\ABCD\MtPt00
[2011/07/02 00:28:22 | 000,000,124 | ---- | M] () -- C:\ABCD\Music.folder.dat
[2011/07/02 00:28:04 | 000,000,467 | ---- | M] () -- C:\ABCD\MWindows.dat
[2000/08/30 20:00:00 | 000,000,000 | ---- | M] () -- C:\ABCD\mynul.dat
[2011/07/02 00:28:46 | 000,008,523 | R--- | M] () -- C:\ABCD\ncmd.com
[2009/12/24 04:12:40 | 000,000,283 | ---- | M] () -- C:\ABCD\ndis_combofix.dat
[2011/06/26 11:33:26 | 000,065,283 | ---- | M] () -- C:\ABCD\ND_.bat
[2011/06/23 14:52:38 | 000,017,757 | ---- | M] () -- C:\ABCD\ND_64.bat
[2011/07/02 00:28:22 | 000,000,052 | ---- | M] () -- C:\ABCD\NetHood.folder.dat
[2010/04/14 06:21:30 | 000,000,520 | ---- | M] () -- C:\ABCD\netsvc.bad.dat
[2000/08/30 20:00:00 | 000,000,525 | ---- | M] () -- C:\ABCD\netsvc.dat
[2000/08/30 20:00:00 | 000,000,088 | ---- | M] () -- C:\ABCD\NetworkService.dat
[2009/04/20 00:56:28 | 000,060,416 | R--- | M] () -- C:\ABCD\NirCmd.cfxxe
[2009/04/20 00:56:28 | 000,060,416 | ---- | M] () -- C:\ABCD\NircmdB.exe
[2009/04/20 00:56:26 | 000,058,880 | R--- | M] () -- C:\ABCD\NirCmdC.cfxxe
[2009/04/20 00:56:28 | 000,060,416 | R--- | M] () -- C:\ABCD\NIRKMD.cfxxe
[2011/07/02 00:27:49 | 000,000,006 | ---- | M] () -- C:\ABCD\NlsLanguageDefault
[2011/07/02 00:28:27 | 000,000,176 | ---- | M] () -- C:\ABCD\notifykeys.dat
[2011/07/02 00:28:27 | 000,000,210 | ---- | M] () -- C:\ABCD\notifykeysB.dat
[2011/06/26 11:33:42 | 000,042,693 | ---- | M] () -- C:\ABCD\NT-OS.cmd
[2011/07/02 00:28:49 | 000,000,000 | ---- | M] () -- C:\ABCD\nt-osSvcDump00
[2011/07/02 00:28:49 | 000,000,003 | ---- | M] () -- C:\ABCD\NULL
[2011/07/02 00:28:13 | 000,000,083 | ---- | M] () -- C:\ABCD\OsId.txt
[2000/08/30 20:00:00 | 000,000,977 | ---- | M] () -- C:\ABCD\OSid.vbs
[2002/09/29 01:01:16 | 000,180,224 | R--- | M] () -- C:\ABCD\pausep.cfxxe
[2011/07/02 00:28:26 | 000,000,802 | ---- | M] () -- C:\ABCD\pend.txt
[2011/07/02 00:28:22 | 000,000,106 | ---- | M] () -- C:\ABCD\Personal.folder.dat
[2011/06/26 02:45:56 | 000,256,000 | R--- | M] () -- C:\ABCD\pev.cfxxe
[2011/01/27 21:28:38 | 000,102,400 | R--- | M] () -- C:\ABCD\pevb.cfxxe
[2011/07/02 00:28:22 | 000,000,130 | ---- | M] () -- C:\ABCD\Pictures.folder.dat
[2008/04/13 20:12:31 | 000,017,920 | R--- | M] () -- C:\ABCD\PING.cfxxe
[2009/07/05 15:51:10 | 000,002,992 | ---- | M] () -- C:\ABCD\Policies.dat
[2010/05/13 04:57:52 | 000,000,064 | ---- | M] () -- C:\ABCD\powp.dat
[2011/07/02 00:28:25 | 000,000,036 | ---- | M] () -- C:\ABCD\PreDIR
[2011/05/13 15:09:08 | 000,003,006 | ---- | M] () -- C:\ABCD\Prep.inf
[2011/07/02 00:28:22 | 000,000,108 | ---- | M] () -- C:\ABCD\PrintHood.folder.dat
[2011/07/02 00:28:22 | 000,000,271 | ---- | M] () -- C:\ABCD\Profiles.Folder.dat
[2011/07/02 00:28:22 | 000,000,327 | ---- | M] () -- C:\ABCD\Profiles.Folder.folder.dat
[2011/07/02 00:28:22 | 000,000,185 | ---- | M] () -- C:\ABCD\Programs.folder.dat
[2000/08/30 20:00:00 | 000,000,404 | ---- | M] () -- C:\ABCD\Purity.dat
[2006/03/02 23:42:40 | 000,073,728 | R--- | M] () -- C:\ABCD\PV.cfxxe
[2006/03/02 11:42:40 | 000,073,728 | ---- | M] () -- C:\ABCD\pv.com
[2011/07/02 00:27:44 | 000,000,056 | ---- | M] () -- C:\ABCD\rar_sfx.cmd
[2000/08/30 20:00:00 | 000,007,478 | ---- | M] () -- C:\ABCD\RCLink.dat
[2011/07/02 00:28:25 | 000,000,000 | ---- | M] () -- C:\ABCD\RcRdy
[2011/07/02 00:28:14 | 000,000,007 | ---- | M] () -- C:\ABCD\RcVer00
[2011/07/02 00:28:22 | 000,000,102 | ---- | M] () -- C:\ABCD\Recent.folder.dat
[2000/08/30 20:00:00 | 000,003,558 | ---- | M] () -- C:\ABCD\REGDACL.sed
[2000/08/30 20:00:00 | 000,009,203 | ---- | M] () -- C:\ABCD\RegDo.sed
[2010/09/16 16:03:32 | 000,001,153 | ---- | M] () -- C:\ABCD\region.dat
[2011/06/26 11:35:12 | 000,053,833 | ---- | M] () -- C:\ABCD\RegScan.cmd
[2011/07/02 00:28:05 | 000,146,432 | ---- | M] () -- C:\ABCD\REGT.cfxxe
[2011/07/02 00:27:54 | 000,000,073 | ---- | M] () -- C:\ABCD\Resident.txt
[2011/07/02 00:28:11 | 000,000,000 | ---- | M] () -- C:\ABCD\restore_pt.dat
[2009/05/01 10:26:10 | 000,000,587 | ---- | M] () -- C:\ABCD\restore_pt.vbs
[2009/11/14 17:35:16 | 000,000,442 | ---- | M] () -- C:\ABCD\Rkey.cmd
[2010/11/07 13:20:24 | 000,208,896 | R--- | M] () -- C:\ABCD\rmbr.cfxxe
[2000/08/30 20:00:00 | 000,000,820 | ---- | M] () -- C:\ABCD\rogues.dat
[2001/08/18 08:00:00 | 000,019,968 | R--- | M] () -- C:\ABCD\ROUTE.cfxxe
[2011/07/02 00:28:28 | 000,001,970 | ---- | M] () -- C:\ABCD\run.sed
[2000/08/30 20:00:00 | 000,000,287 | ---- | M] () -- C:\ABCD\run2.sed
[2009/06/09 23:38:44 | 000,000,030 | ---- | M] () -- C:\ABCD\Rust.str
[1999/11/10 12:00:00 | 000,038,400 | R--- | M] () -- C:\ABCD\s0rt.cfxxe
[2000/08/30 20:00:00 | 000,000,329 | ---- | M] () -- C:\ABCD\safeboot.dat
[2009/06/09 14:25:08 | 000,001,464 | ---- | M] () -- C:\ABCD\safeboot.def.dat
[2000/08/30 20:00:00 | 000,098,816 | R--- | M] () -- C:\ABCD\sed.cfxxe
[2011/07/02 00:28:22 | 000,000,102 | ---- | M] () -- C:\ABCD\SendTo.folder.dat
[2011/06/26 11:35:12 | 000,017,077 | ---- | M] () -- C:\ABCD\SetEnvmt.bat
[2011/07/02 00:28:21 | 000,007,302 | ---- | M] () -- C:\ABCD\SetPath.bat
[2000/08/30 20:00:00 | 000,066,172 | R--- | M] () -- C:\ABCD\setpath.cfxxe
[2011/07/02 00:27:47 | 000,002,845 | ---- | M] () -- C:\ABCD\setpath_N.cmd
[2006/06/10 14:42:26 | 000,049,152 | ---- | M] () -- C:\ABCD\SF.exe
[2011/07/02 00:27:52 | 000,000,014 | ---- | M] () -- C:\ABCD\sfx.cmd
[2011/06/23 14:52:38 | 000,004,634 | ---- | M] () -- C:\ABCD\SnapShot.cmd
[2011/06/23 14:52:38 | 000,002,147 | ---- | M] () -- C:\ABCD\SRestore.cmd
[2011/07/01 07:47:12 | 000,304,822 | ---- | M] () -- C:\ABCD\srizbi.md5
[2011/07/02 00:28:22 | 000,000,105 | ---- | M] () -- C:\ABCD\StartMenu.folder.dat
[2011/07/02 00:28:22 | 000,000,209 | ---- | M] () -- C:\ABCD\StartUp.folder.dat
[2011/07/02 00:27:55 | 000,000,002 | ---- | M] () -- C:\ABCD\Start_dat
[2011/06/26 11:35:12 | 000,020,667 | ---- | M] () -- C:\ABCD\SuppScan.cmd
[2000/08/30 20:00:00 | 000,002,176 | ---- | M] () -- C:\ABCD\SvcDrv.vbs
[2000/08/30 20:00:00 | 000,000,555 | ---- | M] () -- C:\ABCD\svchost.dat
[2010/11/27 01:12:00 | 000,000,749 | ---- | M] () -- C:\ABCD\svchost.vista.x64.dat
[2009/11/28 18:42:26 | 000,011,987 | ---- | M] () -- C:\ABCD\svc_wht.dat
[2000/08/30 20:00:00 | 000,518,144 | R--- | M] () -- C:\ABCD\swreg.cfxxe
[2000/08/30 20:00:00 | 000,406,528 | R--- | M] () -- C:\ABCD\swsc.cfxxe
[2000/08/30 20:00:00 | 000,212,480 | R--- | M] () -- C:\ABCD\swxcacls.cfxxe
[2011/07/02 00:28:20 | 000,002,187 | ---- | M] () -- C:\ABCD\SysPath.dat
[2000/08/30 20:00:00 | 000,000,276 | ---- | M] () -- C:\ABCD\system_ini.dat
[1999/11/09 20:00:00 | 000,035,328 | R--- | M] () -- C:\ABCD\tail.cfxxe
[2011/07/02 00:28:46 | 000,002,654 | ---- | M] () -- C:\ABCD\Temp.dat
[2011/07/02 00:28:22 | 000,000,103 | ---- | M] () -- C:\ABCD\Templates.folder.dat
[2009/10/30 01:26:54 | 000,000,633 | ---- | M] () -- C:\ABCD\toolbar.sed
[2011/07/02 00:28:27 | 000,000,606 | ---- | M] () -- C:\ABCD\unhand.dat
[2011/06/23 14:52:36 | 000,003,945 | ---- | M] () -- C:\ABCD\Update-CF.cmd
[2011/07/02 00:27:55 | 000,000,273 | ---- | M] () -- C:\ABCD\VerCF.bat
[2011/07/02 00:28:36 | 000,262,911 | ---- | M] () -- C:\ABCD\VikPev00
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\Vikpev01
[2011/06/22 04:40:30 | 000,003,819 | ---- | M] () -- C:\ABCD\VInfo
[2011/07/01 07:47:04 | 000,015,500 | ---- | M] () -- C:\ABCD\VInfo2
[2011/06/22 04:40:34 | 000,000,557 | ---- | M] () -- C:\ABCD\VINFO3
[2010/05/10 11:30:04 | 000,000,308 | ---- | M] () -- C:\ABCD\Vipev.dat
[2011/07/02 00:28:46 | 000,006,048 | ---- | M] () -- C:\ABCD\ViPev00
[2011/07/02 00:28:46 | 000,005,982 | ---- | M] () -- C:\ABCD\ViPev01
[2010/07/26 15:17:22 | 000,000,440 | ---- | M] () -- C:\ABCD\vistaMcode.dat
[2011/07/02 00:28:28 | 000,004,073 | ---- | M] () -- C:\ABCD\vRun_DLL
[2010/06/20 16:05:36 | 000,007,584 | ---- | M] () -- C:\ABCD\vun.dat
[2011/07/02 00:28:39 | 000,000,035 | ---- | M] () -- C:\ABCD\vundonames.dat
[2011/07/02 00:28:28 | 000,039,854 | ---- | M] () -- C:\ABCD\v_wht.dat
[2010/07/23 16:20:44 | 000,000,440 | ---- | M] () -- C:\ABCD\w7Mcode.dat
[2011/07/02 00:28:28 | 000,073,681 | ---- | M] () -- C:\ABCD\whiteAll.dat
[2011/07/02 00:28:27 | 000,017,933 | ---- | M] () -- C:\ABCD\whitedir.dat
[2011/07/02 00:28:27 | 000,001,137 | ---- | M] () -- C:\ABCD\whitedirCreated.dat
[2010/12/11 15:38:00 | 000,001,127 | ---- | M] () -- C:\ABCD\Wmi_rem.vbs
[2009/06/21 02:45:40 | 000,098,948 | ---- | M] () -- C:\ABCD\w_sock.dll
[2011/07/02 00:27:32 | 000,000,006 | ---- | M] () -- C:\ABCD\XP.mac
[2010/07/22 10:14:44 | 000,000,440 | ---- | M] () -- C:\ABCD\xpmcode.dat
[2011/05/23 10:36:40 | 000,061,815 | ---- | M] () -- C:\ABCD\xpreg.dat
[2010/02/02 06:41:38 | 000,013,090 | ---- | M] () -- C:\ABCD\XPSBoot.reg
[2000/08/30 20:00:00 | 000,023,773 | ---- | M] () -- C:\ABCD\zDomain.dat
[2011/07/02 00:28:04 | 000,049,886 | ---- | M] () -- C:\ABCD\zhsvc.dat
[2000/08/30 20:00:00 | 000,068,096 | R--- | M] () -- C:\ABCD\zip.cfxxe
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\Zlob01
[1 C:\ABCD\*.tmp files -> C:\ABCD\*.tmp -> ]
[2011/07/02 00:28:47 | 000,000,044 | ---- | M] () -- C:\ABCD\N_\10170
[2011/07/02 00:28:28 | 000,000,034 | ---- | M] () -- C:\ABCD\N_\12030
[2011/07/02 00:28:39 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\13026
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\13115
[2011/07/02 00:28:50 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\15690
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\16653
[2011/07/02 00:28:52 | 000,000,083 | ---- | M] () -- C:\ABCD\N_\16839
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\18499
[2011/07/02 00:28:26 | 000,000,295 | ---- | M] () -- C:\ABCD\N_\18563
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\19180
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\19251
[2011/07/02 00:28:48 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\19367
[2011/07/02 00:28:28 | 000,000,033 | ---- | M] () -- C:\ABCD\N_\20568
[2011/07/02 00:28:46 | 000,000,027 | ---- | M] () -- C:\ABCD\N_\22522
[2011/07/02 00:28:51 | 000,000,248 | ---- | M] () -- C:\ABCD\N_\23783
[2011/07/02 00:28:49 | 000,000,387 | ---- | M] () -- C:\ABCD\N_\24409
[2011/07/02 00:28:47 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\24690
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\25521
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\27505
[2011/07/02 00:28:26 | 000,000,099 | ---- | M] () -- C:\ABCD\N_\28652
[2011/07/02 00:28:47 | 000,000,337 | ---- | M] () -- C:\ABCD\N_\29808
[2011/07/02 00:28:50 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\2988
[2011/07/02 00:28:27 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\30543
[2011/07/02 00:28:28 | 000,000,024 | ---- | M] () -- C:\ABCD\N_\31075
[2011/07/02 00:28:49 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\31606
[2011/07/02 00:28:27 | 000,000,044 | ---- | M] () -- C:\ABCD\N_\8105
[2011/07/02 00:28:49 | 000,000,101 | ---- | M] () -- C:\ABCD\N_\8904
[2011/07/02 00:28:47 | 000,000,044 | ---- | M] () -- C:\ABCD\N_\899
[2011/07/02 00:28:46 | 000,000,000 | ---- | M] () -- C:\ABCD\N_\cfdummy00
[2011/07/02 00:28:26 | 000,000,057 | ---- | M] () -- C:\ABCD\N_\CmdLine00

< C:\WINDOWS\System32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aepYKNFms.dll
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ArQaqXi.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aXCORJlYa.dll
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aXDJxdmGU.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bDSvqf.dll
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bhYMvwrv.dll
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BRdPjR.dll
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BumRDu.dll
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BwlhAVH.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bwqtNo.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BysfxJl.dll
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cchucW.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CPhgW.dll
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cRdrTjgj.dll
[2008/04/13 20:11:48 | 000,136,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CTqECAIjL.dll
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dGQvp.dll
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dPqtPpayu.dll
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DrFtprmF.dll
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dvMnTsn.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dYWAQEiHt.dll
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\EvFDmwAev.dll
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eVWHqMXDO.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\EwKDU.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fBCfpfR.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fnAMC.dll
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\FPjARxyF.dll
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fSPrWTDk.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fWcNVgGgm.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\GJMfS.dll
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hAvBnrrb.dll
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HdwItP.dll
[2004/01/29 10:08:23 | 000,033,391 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HwKqrTmmR.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HwNtDCxO.dll
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IAOKlGNA.dll
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\icnaR.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IKJFX.dll
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\itidBRwY.dll
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jBOboVA.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jfruCN.dll
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\jYuCx.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KaSQYy.dll
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KFeElLsAl.dll
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\klxkSOB.dll
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LfwueAAh.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lKBdlS.dll
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LnxkEbK.dll
[2001/08/18 08:00:00 | 000,065,758 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LoIBfTpE.dll
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lrcHhIxQs.dll
[2001/08/18 08:00:00 | 000,065,758 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lRLkJl.dll
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mAbPV.dll
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mBPSU.dll
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MOcfeOiv.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NOjvgaN.dll
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\npMGmvraB.dll
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OfxAh.dll
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oRlAMBA.dll
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PcuAsLYJ.dll
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PfeLuj.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\QwjooEu.dll
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\QxnyJvUvG.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rbrydtCV.dll
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rcHjjV.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rcixu.dll
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RGRnMjQUU.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sgjcflBo.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sKTQPNh.dll
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\SKxCeM.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sNdtDN.dll
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srwQe.dll
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tcDCcyIdI.dll
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tgVWmJj.dll
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TIXjusfKT.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tJbdfIJ.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tRAsFLvs.dll
[2008/04/13 20:11:48 | 000,136,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tSEXhaxq.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WmppU.dll
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wnLYE.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\woIgOG.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WrhIo.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WwDKqNE.dll
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XFEHMNB.dll
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xiMsbud.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XjreLOYI.dll
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xlBlRc.dll
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XLLHPKDHA.dll
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XQBujxEMC.dll
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XQEGhvF.dll
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XttfyjQ.dll
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YiaoXtd.dll
[2008/04/13 20:11:49 | 000,066,270 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YIhEvRN.dll
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yiYdWOAhO.dll
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yKGjSLnq.dll
[2001/08/18 08:00:00 | 000,065,758 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ykXcONVH.dll
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YldHrPg.dll
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yPQvotn.dll
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yvOakFRD.dll

< C:\WINDOWS\System32\drivers\*.exe >
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aJBWxC.exe
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aniuOXA.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ApUqNoG.exe
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\axcjkRq.exe
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aySlGSAv.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BjiBM.exe
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cAbgpliIe.exe
[2003/02/10 21:29:31 | 000,052,736 | ---- | M] (Macrovision) -- C:\WINDOWS\System32\drivers\CDAC11BA.EXE
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cFPaOQVD.exe
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CPfcTC.exe
[2001/08/18 08:00:00 | 000,065,758 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\cwgQJTJtf.exe
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DJkuhpFm.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DRIFeOTjW.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\eNyCsj.exe
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\faTXv.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fibAiHAh.exe
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Foelhal.exe
[2004/01/29 10:08:23 | 000,033,391 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\FRQurbl.exe
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fYIEK.exe
[2008/04/13 20:11:49 | 000,066,270 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fYiqiE.exe
[2004/01/29 10:08:23 | 000,033,391 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gAWWT.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\GgAlrRllS.exe
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gGjEC.exe
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gKLakkGL.exe
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gMqrn.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\GQqSMh.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gyyVFD.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HbWAG.exe
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HffCEEaD.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hfrvGg.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HhvMYhYQh.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HIVpWHSfp.exe
[2008/04/13 20:11:49 | 000,066,270 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HPJUDIpg.exe
[2008/04/13 20:11:48 | 000,098,927 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HVOgfeb.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hyaVSTT.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ifcua.exe
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IFHGpKcDh.exe
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iOTAcbDo.exe
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\iPXnSK.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\isOpIDa.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ITniBxcFF.exe
[2001/08/18 08:00:00 | 000,065,758 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\IWTMvwtB.exe
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\JpYGTb.exe
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KEwLR.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KGPXUT.exe
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kkJpH.exe
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KluuoVATv.exe
[2003/06/18 09:54:10 | 000,296,960 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\System32\drivers\KodakCCS.exe
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\KovUGo.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LBMlj.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LJjbARfB.exe
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\llUOfwU.exe
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\lsOcJOP.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\LyObqLkJH.exe
[2008/04/13 20:11:48 | 000,136,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mcDTnvbn.exe
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MfYLxM.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mGubQCJa.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mIydP.exe
[2008/04/13 20:11:49 | 000,126,575 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mRKiK.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\Mskic.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mwJkqA.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mxbCLP.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\NaChU.exe
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nlCYIFH.exe
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nOiBs.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nRulTX.exe
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\nydkaqIm.exe
[2008/04/13 20:11:48 | 000,136,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oIhuA.exe
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\OnqQnTkCQ.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\opsSoqgf.exe
[2004/01/29 10:08:23 | 000,033,391 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\oULLRvYPH.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\PsxrnrXN.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qbPAel.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\QcQSKS.exe
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\qMOcUAhr.exe
[2009/03/08 05:32:56 | 000,073,327 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RbrcSJYR.exe
[2008/04/13 20:11:48 | 000,194,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RjvHSw.exe
[2001/08/18 08:00:00 | 000,065,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RmkuDEVP.exe
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rpriw.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\RRKcR.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rsUmnPaJo.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rTFYp.exe
[2008/04/13 20:11:48 | 000,136,815 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rUaEuwfuK.exe
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rYpBq.exe
[2008/04/13 20:11:49 | 000,018,031 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\saurspEkO.exe
[2008/04/13 20:11:49 | 000,229,999 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ScJRU.exe
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tJTHHOTr.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\trGmgabF.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\uHAnaxcxq.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\vErbYEOD.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VNcQXVkFu.exe
[2008/04/13 20:11:48 | 000,264,303 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VoFvO.exe
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VQxmr.exe
[2001/08/18 08:00:00 | 000,103,535 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wBeqPQkn.exe
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wlgJS.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WybdIeH.exe
[2008/04/13 20:11:48 | 000,068,719 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xdjTfMJXm.exe
[2006/10/18 22:47:08 | 000,007,791 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xggsbToOf.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xJUsvfY.exe
[2008/04/13 20:11:48 | 000,176,239 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xLuHKphs.exe
[2009/03/08 05:32:48 | 000,129,135 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\XWyki.exe
[2008/04/13 20:11:48 | 000,100,975 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\xXSVUHaAI.exe
[2001/08/18 08:00:00 | 000,130,159 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YaDBbu.exe
[2009/02/09 08:10:48 | 000,618,095 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yCeMCd.exe
[2001/08/18 08:00:00 | 000,026,735 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yDqNSH.exe
[2008/04/13 20:11:49 | 000,065,647 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YfUnq.exe
[2008/04/13 20:11:48 | 000,143,983 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ytmKWp.exe
[2008/04/13 20:11:48 | 000,116,335 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\yUcfMObj.exe
[2001/08/18 08:00:00 | 000,026,223 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\YVRDFnHbb.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 3 bytes -> C:\ABCD\f_system:test
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >


Michael,

I unplugged my internet cable - hope this stops the "evolution"...

This last actions seems to have brought the desktop back to a more normal looking state, so I think somehting is finally happengin.

I do keep getting a pop up box that says: Validation failed for C:\windows\system32/Zonelabs\vsmon.exe
Not sure what that is but thought I would mention it.

Thanks!!!!!!
Keith

[michaelg9]

Hello,

As you don't have internet connection anymore, download the tools to a USB from a clean and internet connected computer, and then transfer them to your infected computer.

Please delete the old copy of aswMBR you have, as it's outdated.

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Also in Desktop there should be a file called MBR.dat after that, zip it and then attach it here


Next:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2

• Ensure all Firefox windows are closed.
• To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
• When prompted to run the scan, click Yes.
• GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Next:

• Open notepad from your clean computer and paste the following:
  

  @echo off
  mkdir C:\samples
  copy C:\WINDOWS\system32\drivers\serial.sys C:\samples\serial.sys
  attrib -h -s C:\samples\serial.sys
  copy C:\WINDOWS\System32\drivers\tgVWmJj.dll C:\samples\sampledll
  copy C:\WINDOWS\System32\drivers\YVRDFnHbb.exe C:\samples\sampleexe
  attrib -h -s C:\samples\sampledll
  attrib -h -s C:\samplessampleexe
  end

• Go to File > Save as...
• In Filename bar type collect.bat
• In Save as type bar select All Files
• Save it in your USB.
• It shall look like this:
  
• Transfer it to your infected computer and run it.
• A folder in C:\ named samples is created with 3 files in it
• Transfer this folder to your USB and move them to your clean computer. Don't worry, these files aren't dangerous now
  
  File Scanner
  Now I want you to scan these files
  
• Make sure to use Internet Explorer for this
• Please go to VirSCAN.org FREE on-line scan service
• At "Suspicious files to scan" box on the top of the page select one at a time
• Click on the Upload button
• If a pop-up appears saying the file has been scanned already, please select the ReScan button.
• Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
• Paste the contents of the Clipboard in your next reply.
• Do this for all the 3 files.

Note:If your antivirus moans during this process, disable it and when you finish re-enable it.