Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • This topic is locked This topic is locked
35 replies to this topic

#1 esoterica81

esoterica81

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 April 2011 - 04:21 PM

Dear Support Staff,

A few days ago, I started having a problem where links in a search engine would redirect me to bogus websites like happili or various ad websites. I went to some tech forum (not this one) where I ran combofix off their website. The problem persisted, and I actually have lost things in the meantime like my volume tray icon since then. I ran Symantec full-scan which stalled at 2% complete, and the quick scan as well, which did not pick up on any virus. Sophos picked up on a trojan TDLMEM-3 but stated I had to manually remove it (as if I know how to do that!)
this is not my PC and I want very much to put it back in the condition I found it. By the way, my computer is also running realllly slowly which makes typing difficult.

Here is the DDS script:

DDS (Ver_11-03-05.01) - NTFSx86
Run by Carlos Bello at 13:09:05.18 on Fri 04/01/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.91 [GMT -7:00]
.
AV: Sophos Anti-Virus *Disabled/Outdated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
AV: McAfee VirusScan *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall Plus *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Zune\ZuneBusEnum.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Carlos Bello\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.usc.edu
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Road Runner High Speed Online
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [cdloader] "c:\documents and settings\carlos bello\application data\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [dla] "c:\windows\system32\dla\tfswctrl.exe"
mRun: [ISUSPM Startup] "c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DiskeeperSystray] "c:\program files\executive software\diskeeper\DkIcon.exe"
mRun: [medicsp2] "c:\program files\twc\medicsp2\bin\sprtcmd.exe" /P medicsp2
mRun: [HPDJ Taskbar Utility] "c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [sealmon.exe] c:\program files\oracle\information rights management\desktop\sealmon.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [SWHelper] "c:\windows\system32\macromed\shockwave 8\PostUpdate.exe" 1014021
dRunOnce: [oCh06504nOnCj06504] c:\documents and settings\all users\application data\och06504noncj06504\oCh06504nOnCj06504.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html
IE: &Viewpoint Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim\aim.exe
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
LSP: c:\documents and settings\all users\application data\sophos web intelligence\swi_lsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - hxxp://www.trendmicro.com/spyware-scan/as4web.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E856B973-45FD-4559-8F82-EAB539144667} - hxxp://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: itlnfw32 - itlnfw32.dll
Notify: itlntfy - itlnfw32.dll
AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
mASetup: {4A86FB67-AB29-49A5-BD6B-D4170276BFFD} - rundll32.exe "c:\documents and settings\carlos bello\application data\sun\xwrvspjuk92.dll", UnregisterDll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\carlos~1\applic~1\mozilla\firefox\profiles\g98sufke.default\
.
============= SERVICES / DRIVERS ===============
.
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2007-10-27 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2007-10-27 24064]
S3 ATIXPGAA;ATIXPGAA;c:\dell\drivers\r101351\ATIXPGAA.SYS [2009-1-28 12032]
S3 sdcfilter;sdcfilter;c:\windows\system32\drivers\sdcfilter.sys [2011-3-22 23928]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-11-2 280344]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2008-10-8 14976]
.
=============== Created Last 30 ================
.
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\zh-TW
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\zh-HK
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\tr-TR
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\sv-SE
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\nb-NO
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\ko-KR
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\he-IL
2011-04-01 18:26:59 -------- d-----w- c:\windows\system32\fi-FI
2011-04-01 18:26:58 -------- d-----w- c:\windows\system32\el-GR
2011-04-01 18:26:58 -------- d-----w- c:\windows\system32\da-DK
2011-04-01 18:26:58 -------- d-----w- c:\windows\system32\ar-SA
2011-04-01 17:04:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\oCh06504nOnCj06504
2011-04-01 04:00:14 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-01 04:00:14 -------- d-----w- c:\windows\system32\wbem\Repository
2011-04-01 03:46:56 -------- d-----w- c:\program files\common files\Cisco Systems
2011-04-01 03:44:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Sophos Web Intelligence
2011-04-01 03:42:43 -------- d-----w- c:\program files\Skype
2011-03-29 02:37:55 -------- d-----w- C:\pebuilder3110a
2011-03-29 02:37:19 3306678 ----a-w- C:\pebuilder3110a.exe
2011-03-29 01:23:32 331805736 ----a-w- C:\XPSP3.exe
2011-03-29 00:21:55 -------- d-----w- C:\XPSETUP
2011-03-28 23:36:10 5514668 ----a-w- C:\SetupImgBurn_2.5.5.0(2).exe
2011-03-28 23:32:55 2048 ------w- C:\w2ksect.bin
2011-03-28 23:14:04 5514668 ----a-w- C:\SetupImgBurn_2.5.5.0.exe
2011-03-28 02:30:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panasonic
2011-03-28 02:29:58 -------- d-----w- c:\docume~1\carlos~1\locals~1\applic~1\Panasonic
2011-03-28 01:32:52 80024 ----a-w- c:\windows\system32\PICSDK.dll
2011-03-28 01:32:52 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2011-03-28 01:32:52 108704 ----a-w- c:\windows\system32\PICEntry.dll
2011-03-28 01:32:51 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2011-03-28 01:32:51 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2011-03-28 01:27:11 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2011-03-28 01:27:06 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2011-03-28 01:27:04 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2011-03-28 01:26:07 -------- d-----w- c:\program files\common files\Panasonic
2011-03-28 01:25:19 -------- d-----w- c:\program files\Microsoft Synchronization Services
2011-03-28 01:25:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2011-03-23 10:31:25 -------- d-----w- c:\windows\system32\Adobe
2011-03-23 02:47:05 34816 ----a-w- c:\windows\system32\itlnfw32.dll
2011-03-23 00:54:26 131824 ----a-w- c:\windows\system32\sdccoinstaller.dll
2011-03-23 00:52:30 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-03-23 00:23:52 23928 ----a-w- c:\windows\system32\drivers\sdcfilter.sys
2011-03-16 01:03:10 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
2011-03-16 01:02:49 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2011-03-16 01:02:37 -------- d-----w- c:\windows\Logs
.
==================== Find3M ====================
.
2011-03-02 19:59:50 72080 ----a-w- c:\documents and settings\carlos bello\g2mdlhlpx.exe
2011-01-13 03:05:54 25513072 ----a-w- C:\stamps.exe
2011-01-11 23:23:15 258511624 ----a-w- C:\ZunePackage47.exe
2011-01-11 23:10:34 125460744 ----a-w- C:\ZuneSetupPkg.exe
2011-01-11 21:25:53 337 ----a-w- c:\windows\system32\lsprst7.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK8026GAX rev.PA002D -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8733C439]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x873427d0]; MOV EAX, [0x8734284c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x873CAAB8]
3 CLASSPNP[0xF769BFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x87296F18]
\Driver\atapi[0x8737D5E8] -> IRP_MJ_CREATE -> 0x8733C439
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; STI ; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62f; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK8026GAX_______________________PA002D__#5&17ce0675&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8733C27F
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 13:12:45.17 ===============


GMER LOG

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-01 14:18:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 TOSHIBA_MK8026GAX rev.PA002D
Running: gmer.exe; Driver: C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\uwtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\CARLOS~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[996] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00F16E80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00F18E40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00F15640 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00F16FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F19040 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00F18A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00F17B70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!OpenFileMappingW 7C80BB7A 5 Bytes JMP 00F18D20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!DuplicateHandle 7C80DE9E 5 Bytes JMP 00F1A750 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00F186B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindClose 7C80EE77 5 Bytes JMP 00F187C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 00F185C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindNextFileW 7C80EFDA 5 Bytes JMP 00F188A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F19560 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00F17900 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileSize 7C810B17 5 Bytes JMP 00F17830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!SetFilePointer 7C810C2E 5 Bytes JMP 00F175A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00F17270 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileType 7C810EF1 5 Bytes JMP 00F17EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00F17BF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileAttributesA 7C8115DC 5 Bytes JMP 00F17AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FlushFileBuffers 7C8126E1 5 Bytes JMP 00F17520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindFirstFileA 7C813879 5 Bytes JMP 00F184D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00F176F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00F1A150 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00F19AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00F19CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetFileTime 7C831C4D 5 Bytes JMP 00F17CE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!SetFileTime 7C831CC0 5 Bytes JMP 00F17DE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00F18080 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00F181C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00F179D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!UnlockFile 7C8322EC 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!UnlockFile 7C8322EC 5 Bytes JMP 00F17FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!LockFile 7C832391 5 Bytes JMP 00F17F60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!FindNextFileA 7C834EE1 5 Bytes JMP 00F18830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!_hread 7C8353FE 5 Bytes JMP 00F18300 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!_llseek 7C835436 5 Bytes JMP 00F18440 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00F1A3C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!GetShortPathNameA 7C835BE0 5 Bytes JMP 00F18910 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00F19EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!ReplaceFile 7C836C6C 5 Bytes JMP 00F1A650 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] kernel32.dll!_hwrite 7C838B17 5 Bytes JMP 00F183A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00F16240 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00F15CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 00F16070 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00F15E70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00F157A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00F15980 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!CopyEnhMetaFileW 77F270CC 5 Bytes JMP 00F16C70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!CopyMetaFileW 77F2C3ED 5 Bytes JMP 00F16A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!CopyMetaFileA 77F2C52B 5 Bytes JMP 00F16630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!GetMetaFileW 77F3853D 5 Bytes JMP 00F16840 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!GetEnhMetaFileW 77F397A3 5 Bytes JMP 00F16950 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!GetMetaFileA 77F44216 5 Bytes JMP 00F16410 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 00F1D190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!StartDocA 77F45E79 5 Bytes JMP 00F1C1E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] GDI32.dll!GetEnhMetaFileA 77F4AE35 5 Bytes JMP 00F16520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00F161B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00F15B60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00F15C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00F16340 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00F15BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\system32\spoolsv.exe[996] ole32.dll!DoDragDrop 775D0DBD 5 Bytes JMP 00F18F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.dll (Oracle IRM Library/Oracle Corporation)
.text C:\WINDOWS\System32\svchost.exe[1824] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0072000A
.text C:\WINDOWS\System32\svchost.exe[1824] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0073000A
.text C:\WINDOWS\System32\svchost.exe[1824] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0071000C
.text C:\WINDOWS\System32\svchost.exe[1824] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[1824] USER32.dll!WindowFromPoint 7E429766 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1824] USER32.dll!GetForegroundWindow 7E429823 5 Bytes JMP 006E000A
.text C:\WINDOWS\System32\svchost.exe[1824] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00E9000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D7000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D8000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00A5000C
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!TranslateMessage 7E418BF6 5 Bytes JMP 037D1DC2 C:\Documents and Settings\Carlos Bello\Application Data\Sun\xwrvspjuk92.dll (Browser Defender/ESET)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!GetClipboardData 7E430DBA 5 Bytes JMP 037D1C14 C:\Documents and Settings\Carlos Bello\Application Data\Sun\xwrvspjuk92.dll (Browser Defender/ESET)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5027 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F59 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FC4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E2A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E508A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EEE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] SHELL32.dll!SHExtractIconsW 7CA05762 5 Bytes JMP 6FA15550 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoUninitialize 7750133C 5 Bytes JMP 6FA0CA00 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 6FA0C9B0 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E538F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1868] ole32.dll!StgOpenStorageEx 7754EDA8 5 Bytes JMP 6FA0EE50 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\WINDOWS\Explorer.EXE[2808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D1000A
.text C:\WINDOWS\Explorer.EXE[2808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00D2000A
.text C:\WINDOWS\Explorer.EXE[2808] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\WINDOWS\Explorer.EXE[2808] ole32.dll!CoCreateInstance 774FF1AC 8 Bytes JMP 003A7860 C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL (Sophos Buffer Overrun Protection/Sophos Plc)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00FE6E80 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00FE8E40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] ntdll.dll!NtQueryDirectoryFile 7C90D76E 5 Bytes JMP 00FE5640 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!ReadFile 7C801812 5 Bytes JMP 00FE6FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FE9040 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00FE8A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00FE7B70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!OpenFileMappingW 7C80BB7A 5 Bytes JMP 00FE8D20 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!DuplicateHandle 7C80DE9E 5 Bytes JMP 00FEA750 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00FE86B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindClose 7C80EE77 5 Bytes JMP 00FE87C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindFirstFileW 7C80EF81 5 Bytes JMP 00FE85C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindNextFileW 7C80EFDA 5 Bytes JMP 00FE88A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00FE9560 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00FE7900 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileSize 7C810B17 5 Bytes JMP 00FE7830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!SetFilePointer 7C810C2E 5 Bytes JMP 00FE75A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 00FE7270 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileType 7C810EF1 5 Bytes JMP 00FE7EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00FE7BF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileAttributesA 7C8115DC 5 Bytes JMP 00FE7AF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FlushFileBuffers 7C8126E1 5 Bytes JMP 00FE7520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindFirstFileA 7C813879 5 Bytes JMP 00FE84D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00FE76F0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00FEA150 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00FE9AA0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00FE9CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetFileTime 7C831C4D 5 Bytes JMP 00FE7CE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!SetFileTime 7C831CC0 5 Bytes JMP 00FE7DE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00FE8080 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00FE81C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00FE79D0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!UnlockFile 7C8322EC 1 Byte [E9]
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!UnlockFile 7C8322EC 5 Bytes JMP 00FE7FF0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!LockFile 7C832391 5 Bytes JMP 00FE7F60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!FindNextFileA 7C834EE1 5 Bytes JMP 00FE8830 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!_hread 7C8353FE 5 Bytes JMP 00FE8300 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!_llseek 7C835436 5 Bytes JMP 00FE8440 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00FEA3C0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!GetShortPathNameA 7C835BE0 5 Bytes JMP 00FE8910 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00FE9EE0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!ReplaceFile 7C836C6C 5 Bytes JMP 00FEA650 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] kernel32.dll!_hwrite 7C838B17 5 Bytes JMP 00FE83A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 00FE6240 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00FE5CC0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!StretchBlt 77F1B6D0 5 Bytes JMP 00FE6070 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 00FE5E70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00FE57A0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 00FE5980 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!CopyEnhMetaFileW 77F270CC 5 Bytes JMP 00FE6C70 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!CopyMetaFileW 77F2C3ED 5 Bytes JMP 00FE6A60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!CopyMetaFileA 77F2C52B 5 Bytes JMP 00FE6630 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!GetMetaFileW 77F3853D 5 Bytes JMP 00FE6840 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!GetEnhMetaFileW 77F397A3 5 Bytes JMP 00FE6950 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!GetMetaFileA 77F44216 5 Bytes JMP 00FE6410 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!StartDocW 77F45962 5 Bytes JMP 00FED190 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!StartDocA 77F45E79 5 Bytes JMP 00FEC1E0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] GDI32.dll!GetEnhMetaFileA 77F4AE35 5 Bytes JMP 00FE6520 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] USER32.dll!ReleaseDC 7E41869D 5 Bytes JMP 00FE61B0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] USER32.dll!GetDC 7E4186C7 5 Bytes JMP 00FE5B60 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] USER32.dll!GetWindowDC 7E419021 5 Bytes JMP 00FE5C50 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] USER32.dll!PrintWindow 7E423810 5 Bytes JMP 00FE6340 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] USER32.dll!GetDCEx 7E42C595 5 Bytes JMP 00FE5BD0 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)
.text C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe[3848] ole32.dll!DoDragDrop 775D0DBD 5 Bytes JMP 00FE8F40 C:\Program Files\Oracle\Information Rights Management\Desktop\SEALNT.DLL (Oracle IRM Library/Oracle Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8733C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8733C27F
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8733C27F
Device \FileSystem\Fastfat \Fat A9677D20

AttachedDevice \FileSystem\Fastfat \Fat savonaccessfilter.sys (SAV On-access and HIPS for Windows XP (x86)/Sophos Plc)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskTOSHIBA_MK8026GAX_______________________PA002D__#5&17ce0675&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----

Attached Files



BC AdBot (Login to Remove)

 


#2 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 01 April 2011 - 06:59 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________


Posted Image One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to appraise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.


    Posted Image

  • If an infected file is detected, the default action will be Cure, click on Continue.


    Posted Image

  • If a suspicious file is detected, the default action will be Skip, click on Continue.


    Posted Image

  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.


    Posted Image

  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running OTL

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


NEXT:


Please provide an update on how things are running in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 April 2011 - 09:45 PM

2011/04/01 19:23:40.0109 3908 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/01 19:23:40.0515 3908 ================================================================================
2011/04/01 19:23:40.0515 3908 SystemInfo:
2011/04/01 19:23:40.0515 3908
2011/04/01 19:23:40.0515 3908 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/01 19:23:40.0515 3908 Product type: Workstation
2011/04/01 19:23:40.0515 3908 ComputerName: CARLOS
2011/04/01 19:23:40.0515 3908 UserName: Carlos Bello
2011/04/01 19:23:40.0515 3908 Windows directory: C:\WINDOWS
2011/04/01 19:23:40.0515 3908 System windows directory: C:\WINDOWS
2011/04/01 19:23:40.0515 3908 Processor architecture: Intel x86
2011/04/01 19:23:40.0515 3908 Number of processors: 1
2011/04/01 19:23:40.0515 3908 Page size: 0x1000
2011/04/01 19:23:40.0515 3908 Boot type: Normal boot
2011/04/01 19:23:40.0515 3908 ================================================================================
2011/04/01 19:23:42.0656 3908 Initialize success
2011/04/01 19:23:49.0781 1760 ================================================================================
2011/04/01 19:23:49.0781 1760 Scan started
2011/04/01 19:23:49.0781 1760 Mode: Manual;
2011/04/01 19:23:49.0781 1760 ================================================================================
2011/04/01 19:23:54.0828 1760 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/04/01 19:23:54.0968 1760 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/01 19:23:55.0046 1760 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/01 19:23:55.0125 1760 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/04/01 19:23:55.0218 1760 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/04/01 19:23:55.0343 1760 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/04/01 19:23:55.0453 1760 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/04/01 19:23:55.0546 1760 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/01 19:23:55.0640 1760 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/04/01 19:23:55.0718 1760 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/04/01 19:23:55.0828 1760 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/04/01 19:23:55.0906 1760 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/04/01 19:23:56.0015 1760 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/04/01 19:23:56.0093 1760 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/04/01 19:23:56.0171 1760 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/04/01 19:23:56.0250 1760 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/04/01 19:23:56.0359 1760 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/04/01 19:23:56.0453 1760 ApfiltrService (aeb775a2bae0f392ba6adc0bb706233a) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
2011/04/01 19:23:56.0562 1760 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/04/01 19:23:56.0656 1760 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/04/01 19:23:56.0734 1760 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/04/01 19:23:56.0859 1760 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/04/01 19:23:56.0937 1760 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/04/01 19:23:57.0046 1760 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/04/01 19:23:57.0140 1760 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/01 19:23:57.0265 1760 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/01 19:23:57.0453 1760 ati2mtag (5b75176663f88e90f14a87e57b8562a4) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/04/01 19:23:57.0578 1760 ATIXPGAA (f21a181099887722a775d575e51ecf3d) C:\Dell\Drivers\R101351\ATIXPGAA.SYS
2011/04/01 19:23:57.0656 1760 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/01 19:23:57.0734 1760 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/01 19:23:57.0828 1760 bcm4sbxp (78123f44be9e4768852a3a017e02d637) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/04/01 19:23:57.0984 1760 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/01 19:23:58.0093 1760 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/01 19:23:58.0109 1760 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys
2011/04/01 19:23:58.0218 1760 BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
2011/04/01 19:23:58.0343 1760 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/04/01 19:23:58.0421 1760 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/01 19:23:58.0515 1760 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/01 19:23:58.0578 1760 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/04/01 19:23:58.0656 1760 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/01 19:23:58.0750 1760 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/01 19:23:58.0828 1760 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/01 19:23:59.0031 1760 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/04/01 19:23:59.0109 1760 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/04/01 19:23:59.0203 1760 CoachUsb (7a0b457eefef8cbaa0cc44c8819113bd) C:\WINDOWS\system32\DRIVERS\CoachUsb.sys
2011/04/01 19:23:59.0312 1760 CoachVc (614ca0bfa09861e42ad8d14b83540758) C:\WINDOWS\system32\DRIVERS\CoachVc.sys
2011/04/01 19:23:59.0421 1760 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/04/01 19:23:59.0531 1760 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/04/01 19:23:59.0625 1760 CVirtA (5c706c06c1279952d2cc1a609ca948bf) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/04/01 19:23:59.0718 1760 CVPNDRVA (5ba042bcab6246c6bba51606afd7b488) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/04/01 19:23:59.0812 1760 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/04/01 19:23:59.0906 1760 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/04/01 19:24:00.0203 1760 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/01 19:24:00.0312 1760 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/01 19:24:00.0390 1760 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/01 19:24:00.0468 1760 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/01 19:24:00.0562 1760 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/01 19:24:00.0687 1760 DNE (2eddbb3ef1dd5a28cb07c149d36e7286) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/04/01 19:24:00.0796 1760 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/04/01 19:24:00.0875 1760 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/01 19:24:00.0968 1760 drvmcdb (e814854e6b246ccf498874839ab64d77) C:\WINDOWS\system32\drivers\drvmcdb.sys
2011/04/01 19:24:01.0250 1760 drvnddm (ee83a4ebae70bc93cf14879d062f548b) C:\WINDOWS\system32\drivers\drvnddm.sys
2011/04/01 19:24:01.0484 1760 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/04/01 19:24:01.0671 1760 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/04/01 19:24:01.0828 1760 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/04/01 19:24:02.0328 1760 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/01 19:24:02.0453 1760 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/01 19:24:02.0578 1760 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/01 19:24:02.0687 1760 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/01 19:24:02.0781 1760 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/04/01 19:24:02.0875 1760 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/01 19:24:02.0968 1760 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/01 19:24:03.0265 1760 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/01 19:24:03.0390 1760 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/01 19:24:03.0515 1760 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/04/01 19:24:03.0640 1760 HPZid412 (5faba4775d4c61e55ec669d643ffc71f) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/04/01 19:24:03.0765 1760 HPZipr12 (a3c43980ee1f1beac778b44ea65dbdd4) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/04/01 19:24:03.0828 1760 HPZius12 (2906949bd4e206f2bb0dd1896ce9f66f) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/04/01 19:24:03.0968 1760 HSFHWICH (140ba850417896b6b3322048de280368) C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
2011/04/01 19:24:04.0187 1760 HSF_DP (b2dfc168d6f7512faea085253c5a37ad) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/04/01 19:24:04.0390 1760 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/01 19:24:04.0562 1760 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/04/01 19:24:04.0640 1760 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/04/01 19:24:04.0765 1760 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/01 19:24:04.0843 1760 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/01 19:24:04.0968 1760 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/04/01 19:24:05.0343 1760 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/01 19:24:05.0796 1760 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/01 19:24:06.0578 1760 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/04/01 19:24:06.0718 1760 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/01 19:24:06.0890 1760 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/01 19:24:07.0125 1760 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/01 19:24:07.0203 1760 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/01 19:24:07.0328 1760 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/01 19:24:07.0453 1760 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/01 19:24:07.0546 1760 IWCA (872d090ca5c306f62d1982bce6302376) C:\WINDOWS\system32\DRIVERS\iwca.sys
2011/04/01 19:24:07.0734 1760 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/01 19:24:07.0937 1760 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/01 19:24:08.0218 1760 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/01 19:24:08.0421 1760 mdmxsdk (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/04/01 19:24:08.0531 1760 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/01 19:24:08.0656 1760 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/01 19:24:08.0796 1760 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/01 19:24:08.0937 1760 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/01 19:24:09.0093 1760 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/01 19:24:09.0203 1760 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/04/01 19:24:09.0296 1760 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/01 19:24:09.0500 1760 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/01 19:24:09.0640 1760 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/01 19:24:09.0750 1760 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/01 19:24:09.0843 1760 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/01 19:24:09.0984 1760 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/01 19:24:10.0203 1760 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/01 19:24:10.0296 1760 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/01 19:24:10.0375 1760 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/01 19:24:10.0500 1760 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/01 19:24:10.0687 1760 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/01 19:24:10.0796 1760 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/01 19:24:10.0875 1760 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/01 19:24:10.0953 1760 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/01 19:24:11.0171 1760 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/01 19:24:11.0265 1760 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/01 19:24:11.0390 1760 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/01 19:24:11.0468 1760 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/01 19:24:11.0593 1760 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/04/01 19:24:11.0703 1760 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/01 19:24:11.0843 1760 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/01 19:24:11.0984 1760 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/01 19:24:12.0312 1760 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/04/01 19:24:12.0453 1760 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/01 19:24:12.0515 1760 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/01 19:24:12.0609 1760 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/04/01 19:24:12.0734 1760 omci (b17228142cec9b3c222239fd935a37ca) C:\WINDOWS\system32\DRIVERS\omci.sys
2011/04/01 19:24:12.0812 1760 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/01 19:24:13.0000 1760 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/01 19:24:13.0187 1760 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/01 19:24:13.0281 1760 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/01 19:24:13.0515 1760 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/01 19:24:13.0609 1760 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/04/01 19:24:14.0453 1760 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/04/01 19:24:14.0546 1760 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/04/01 19:24:14.0703 1760 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/01 19:24:14.0828 1760 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/01 19:24:14.0921 1760 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/01 19:24:15.0187 1760 PxHelp20 (7c81ae3c9b82ba2da437ed4d31bc56cf) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/01 19:24:15.0359 1760 QCDonner (fddd1aeb9f81ef1e6e48ae1edc2a97d6) C:\WINDOWS\system32\DRIVERS\OVCD.sys
2011/04/01 19:24:15.0437 1760 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/04/01 19:24:15.0562 1760 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/04/01 19:24:15.0640 1760 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/04/01 19:24:15.0750 1760 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/04/01 19:24:15.0843 1760 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/04/01 19:24:15.0921 1760 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/01 19:24:16.0171 1760 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/01 19:24:16.0281 1760 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/01 19:24:16.0375 1760 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/01 19:24:16.0453 1760 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/01 19:24:16.0531 1760 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/01 19:24:16.0671 1760 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/04/01 19:24:16.0812 1760 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/01 19:24:16.0953 1760 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/01 19:24:17.0140 1760 RT73 (bf4709c002d632170dc15a282813d6b3) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/04/01 19:24:17.0281 1760 s24trans (81aa6f0d6a2be1c550f814b036215888) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/04/01 19:24:17.0406 1760 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
2011/04/01 19:24:17.0515 1760 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
2011/04/01 19:24:17.0625 1760 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/04/01 19:24:17.0703 1760 sdcfilter (a957fd57a6ae1597943e4590de10669b) C:\WINDOWS\system32\DRIVERS\sdcfilter.sys
2011/04/01 19:24:17.0812 1760 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/01 19:24:17.0921 1760 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/01 19:24:18.0218 1760 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/01 19:24:18.0328 1760 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/04/01 19:24:18.0421 1760 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/04/01 19:24:18.0546 1760 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/01 19:24:18.0765 1760 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/04/01 19:24:18.0859 1760 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/01 19:24:18.0968 1760 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
2011/04/01 19:24:19.0171 1760 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/04/01 19:24:19.0250 1760 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/01 19:24:19.0359 1760 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/01 19:24:19.0468 1760 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/01 19:24:19.0609 1760 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys
2011/04/01 19:24:19.0718 1760 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys
2011/04/01 19:24:19.0812 1760 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys
2011/04/01 19:24:19.0906 1760 STAC97 (305cc42945a713347f978d78566113f3) C:\WINDOWS\system32\drivers\STAC97.sys
2011/04/01 19:24:20.0156 1760 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/01 19:24:20.0265 1760 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/01 19:24:20.0406 1760 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/01 19:24:20.0515 1760 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/04/01 19:24:20.0625 1760 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/04/01 19:24:20.0750 1760 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/04/01 19:24:20.0828 1760 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/04/01 19:24:20.0968 1760 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/01 19:24:21.0234 1760 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/01 19:24:21.0359 1760 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/01 19:24:21.0421 1760 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/01 19:24:21.0500 1760 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/01 19:24:22.0000 1760 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys
2011/04/01 19:24:22.0296 1760 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys
2011/04/01 19:24:22.0406 1760 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys
2011/04/01 19:24:22.0484 1760 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys
2011/04/01 19:24:22.0593 1760 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys
2011/04/01 19:24:22.0671 1760 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys
2011/04/01 19:24:22.0890 1760 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys
2011/04/01 19:24:23.0640 1760 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys
2011/04/01 19:24:24.0250 1760 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys
2011/04/01 19:24:24.0859 1760 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/04/01 19:24:24.0968 1760 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/01 19:24:25.0125 1760 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/04/01 19:24:25.0234 1760 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/01 19:24:25.0375 1760 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/01 19:24:25.0562 1760 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/01 19:24:25.0640 1760 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/01 19:24:25.0718 1760 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/01 19:24:25.0812 1760 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/01 19:24:25.0906 1760 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/01 19:24:26.0000 1760 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/01 19:24:26.0125 1760 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/01 19:24:26.0203 1760 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/04/01 19:24:26.0296 1760 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/04/01 19:24:26.0390 1760 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/04/01 19:24:26.0531 1760 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/01 19:24:26.0625 1760 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2011/04/01 19:24:26.0875 1760 w29n51 (f0f902220910c4fbe42a51964bd33599) C:\WINDOWS\system32\DRIVERS\w29n51.sys
2011/04/01 19:24:27.0234 1760 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/01 19:24:27.0437 1760 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
2011/04/01 19:24:27.0640 1760 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/01 19:24:27.0796 1760 winachsf (2dc7c0b6175a0a8ed84a4f70199c93b5) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/04/01 19:24:28.0015 1760 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
2011/04/01 19:24:28.0187 1760 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/04/01 19:24:28.0281 1760 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/01 19:24:28.0437 1760 WudfPf (eaa6324f51214d2f6718977ec9ce0def) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/01 19:24:28.0593 1760 WudfRd (f91ff1e51fca30b3c3981db7d5924252) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/01 19:24:28.0750 1760 zumbus (337b9607f041b77824411750069aff2d) C:\WINDOWS\system32\DRIVERS\zumbus.sys
2011/04/01 19:24:28.0890 1760 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/01 19:24:28.0921 1760 ================================================================================
2011/04/01 19:24:28.0921 1760 Scan finished
2011/04/01 19:24:28.0921 1760 ================================================================================
2011/04/01 19:24:28.0953 2388 Detected object count: 1
2011/04/01 19:25:01.0359 2388 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/01 19:25:01.0359 2388 \HardDisk0 - ok
2011/04/01 19:25:01.0359 2388 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/01 19:25:19.0453 1984 Deinitialize success



OTL REPORT

OTL logfile created on: 4/1/2011 7:35:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Carlos Bello\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.28 Gb Total Space | 44.00 Gb Free Space | 62.60% Space Free | Partition Type: NTFS

Computer Name: CARLOS | User Name: Carlos Bello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/01 19:34:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlos Bello\Desktop\OTL.exe
PRC - [2011/03/22 17:35:24 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/03/22 16:32:22 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/03/22 16:05:21 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2011/03/22 11:03:49 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneBusEnum.exe
PRC - [2010/10/07 11:48:20 | 000,371,072 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe
PRC - [2010/01/20 16:07:54 | 000,172,544 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2008/12/08 16:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/03/07 11:53:58 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
PRC - [2007/01/04 14:38:18 | 000,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004/12/21 21:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2004/10/30 12:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/13 14:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/09/07 14:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 14:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (SafeList) ==========

MOD - [2011/04/01 19:34:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlos Bello\Desktop\OTL.exe
MOD - [2011/03/22 17:43:39 | 000,234,408 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/03/07 11:54:02 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/22 17:35:24 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/03/22 17:18:47 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Stopped] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/03/22 16:32:22 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/22 16:05:21 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/11/11 14:57:04 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2010/11/11 14:57:02 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/11/11 14:55:56 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2010/11/11 14:55:56 | 000,057,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Zune\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/09/08 08:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2006/11/03 10:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/04/20 09:34:26 | 001,520,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2006/01/13 17:28:18 | 000,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2006/01/13 17:28:18 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
SRV - [2004/12/21 21:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/09/07 14:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)


========== Driver Services (SafeList) ==========

DRV - [2011/03/22 17:30:38 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2011/03/22 17:23:52 | 000,023,928 | ---- | M] (Sophos Plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sdcfilter.sys -- (sdcfilter)
DRV - [2011/03/22 17:18:47 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2011/03/11 23:10:39 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/06/18 08:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/20 09:33:40 | 000,303,740 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/09/12 12:01:20 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/08/02 15:00:36 | 000,232,192 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005/06/29 20:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 05:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/03/10 20:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/26 07:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/12/04 01:34:26 | 000,800,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/16 14:03:52 | 000,108,791 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/21 18:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/31 06:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/18 12:53:54 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2004/08/12 06:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/06/17 18:57:02 | 000,200,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/06/17 18:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 18:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/26 18:18:18 | 000,044,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/02/20 13:31:30 | 000,012,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\dell\Drivers\R101351\ATIXPGAA.SYS -- (ATIXPGAA)
DRV - [2004/02/13 14:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usc.edu
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/31 20:53:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 20:53:22 | 000,000,000 | ---D | M]

[2011/03/31 20:53:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Bello\Application Data\Mozilla\Extensions
[2011/03/31 20:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Bello\Application Data\Mozilla\Firefox\Profiles\g98sufke.default\extensions
[2011/03/31 20:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Bello\Application Data\Mozilla\Firefox\Profiles\g98sufke.default\extensions\{69D30031-F4A8-452a-A5B3-5D6787C3C5CF}
[2011/03/31 20:53:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carlos Bello\Application Data\Mozilla\Firefox\Profiles\g98sufke.default\extensions\toolbar@ask.com
[2011/03/31 20:54:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/27 17:37:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\CARLOS BELLO\APPLICATION DATA\MOVE NETWORKS
[2009/02/11 10:27:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 12:48:52 | 000,171,320 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2009/06/15 13:07:03 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml

O1 HOSTS File: ([2009/10/04 20:33:40 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\Toolbar\WebBrowser: (Webroot Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb12.exe (HP)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [sealmon.exe] C:\Program Files\Oracle\Information Rights Management\Desktop\sealmon.exe (Oracle Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\.DEFAULT..\RunOnce: [oCh06504nOnCj06504] C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [oCh06504nOnCj06504] C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe ()
O4 - HKU\S-1-5-18..\RunOnce: [SWHelper] C:\WINDOWS\System32\Macromed\Shockwave 8\PostUpdate.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk = C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www.costcophotocenter.com/CostcoActivia.cab (Snapfish Activia)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab (Dell PC Checkup Installer Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\itlnfw32: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O20 - Winlogon\Notify\itlntfy: DllName - itlnfw32.dll - C:\WINDOWS\System32\itlnfw32.dll ()
O24 - Desktop Components:1 (Warning homepage) - C:\WINDOWS\warnhp.html
O24 - Desktop WallPaper: C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: doskclip - (C:\WINDOWS\system32\bootdosx.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/01 19:34:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carlos Bello\Desktop\OTL.exe
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-TW
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\zh-HK
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\tr-TR
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\sv-SE
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\nb-NO
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ko-KR
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\he-IL
[2011/04/01 11:26:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fi-FI
[2011/04/01 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\el-GR
[2011/04/01 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\da-DK
[2011/04/01 11:26:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ar-SA
[2011/04/01 10:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504
[2011/04/01 02:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/31 22:38:40 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2011/03/31 21:43:01 | 012,580,112 | ---- | C] (Mozilla) -- C:\Documents and Settings\Carlos Bello\Desktop\Firefox Setup 4.0.exe
[2011/03/31 20:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/03/31 20:53:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2011/03/31 20:46:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/03/31 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/03/31 20:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/03/31 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2011/03/31 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/31 20:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/03/31 20:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Bello\Application Data\Skype
[2011/03/30 15:52:08 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/03/29 22:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/29 12:30:16 | 022,318,768 | ---- | C] (Hewlett-Packard Company ) -- C:\Documents and Settings\Carlos Bello\Desktop\6800_enu_win2k_xp.exe
[2011/03/28 19:37:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PE Builder
[2011/03/28 19:37:55 | 000,000,000 | ---D | C] -- C:\pebuilder3110a
[2011/03/28 19:37:19 | 003,306,678 | ---- | C] (Bart Lagerweij ) -- C:\pebuilder3110a.exe
[2011/03/28 18:23:32 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\XPSP3.exe
[2011/03/28 17:21:55 | 000,000,000 | ---D | C] -- C:\XPSETUP
[2011/03/28 16:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Bello\Application Data\ImgBurn
[2011/03/28 16:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2011/03/28 16:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/03/28 16:36:10 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.5.0(2).exe
[2011/03/28 16:14:04 | 005,514,668 | ---- | C] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.5.0.exe
[2011/03/27 19:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2011/03/27 19:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\Panasonic
[2011/03/27 18:32:52 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2011/03/27 18:32:52 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2011/03/27 18:32:52 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2011/03/27 18:32:51 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2011/03/27 18:32:51 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2011/03/27 18:32:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Carlos Bello\Application Data\InstallShield
[2011/03/27 18:27:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panasonic
[2011/03/27 18:27:11 | 000,033,408 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\cdrbsdrv.sys
[2011/03/27 18:27:06 | 000,145,504 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\bgsvcgen.exe
[2011/03/27 18:27:04 | 000,059,488 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\GenSvcInst.exe
[2011/03/27 18:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panasonic
[2011/03/27 18:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Panasonic
[2011/03/27 18:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/03/27 18:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/03/24 09:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/03/24 09:01:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/03/24 08:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/03/23 23:56:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/23 10:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/03/23 03:31:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/03/22 17:54:26 | 000,131,824 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2011/03/22 17:52:30 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/03/22 17:23:52 | 000,023,928 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\sdcfilter.sys
[2011/03/22 17:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/22 17:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/22 17:06:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/15 18:03:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2011/03/15 18:02:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2011/03/15 18:02:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/03/15 17:53:04 | 078,997,936 | ---- | C] (Nero AG) -- C:\Documents and Settings\Carlos Bello\Desktop\Nero_BurningROM-10.5.10300_trial.exe
[2011/03/15 17:24:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2011/03/11 23:46:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Carlos Bello\My Documents\*.tmp files -> C:\Documents and Settings\Carlos Bello\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Carlos Bello\Desktop\*.tmp files -> C:\Documents and Settings\Carlos Bello\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/01 19:34:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carlos Bello\Desktop\OTL.exe
[2011/04/01 19:34:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/01 19:30:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/01 19:28:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/01 19:27:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/01 19:27:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/01 19:17:42 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Desktop\tdsskiller.zip
[2011/04/01 14:01:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/04/01 13:08:56 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Desktop\dds.scr
[2011/04/01 13:07:03 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\defogger_reenable
[2011/04/01 13:06:26 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Desktop\Defogger.exe
[2011/04/01 10:49:55 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/04/01 08:41:52 | 000,356,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/01 01:41:20 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/31 21:43:04 | 012,580,112 | ---- | M] (Mozilla) -- C:\Documents and Settings\Carlos Bello\Desktop\Firefox Setup 4.0.exe
[2011/03/31 20:32:25 | 000,016,022 | -HS- | M] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/31 20:32:25 | 000,016,022 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/31 16:25:12 | 000,002,881 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/03/29 13:11:24 | 000,024,119 | ---- | M] () -- C:\WINDOWS\hpf6800m.his
[2011/03/29 12:59:11 | 000,245,989 | ---- | M] () -- C:\WINDOWS\hpdj6800.his
[2011/03/29 12:51:28 | 000,005,832 | ---- | M] () -- C:\WINDOWS\hpdj6800.ini
[2011/03/29 12:45:48 | 000,001,427 | ---- | M] () -- C:\WINDOWS\hpf6800m.ini
[2011/03/29 12:34:40 | 000,004,764 | ---- | M] () -- C:\WINDOWS\hpf6800m.hi1
[2011/03/29 12:34:40 | 000,002,228 | ---- | M] () -- C:\WINDOWS\hpf6800m.bu1
[2011/03/29 12:34:24 | 000,042,092 | ---- | M] () -- C:\WINDOWS\hpdj6800.hi1
[2011/03/29 12:34:24 | 000,004,646 | ---- | M] () -- C:\WINDOWS\hpdj6800.bu1
[2011/03/29 12:30:53 | 022,318,768 | ---- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Carlos Bello\Desktop\6800_enu_win2k_xp.exe
[2011/03/28 19:38:32 | 000,493,547 | ---- | M] () -- C:\xpe-1.0.7.cab
[2011/03/28 19:37:24 | 003,306,678 | ---- | M] (Bart Lagerweij ) -- C:\pebuilder3110a.exe
[2011/03/28 18:31:42 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\XPSP3.exe
[2011/03/28 17:29:57 | 000,001,233 | ---- | M] () -- C:\XPSETUP.ibb
[2011/03/28 16:40:44 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/28 16:40:44 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/28 16:36:13 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.5.0(2).exe
[2011/03/28 16:27:11 | 000,004,145 | ---- | M] () -- C:\wxp10.zip
[2011/03/28 16:14:41 | 005,514,668 | ---- | M] (LIGHTNING UK!) -- C:\SetupImgBurn_2.5.5.0.exe
[2011/03/27 18:54:21 | 000,001,043 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Desktop\magicJack.lnk
[2011/03/27 18:32:25 | 000,002,089 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
[2011/03/24 22:11:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/22 19:47:05 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/03/22 17:43:34 | 000,131,824 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\sdccoinstaller.dll
[2011/03/22 17:30:38 | 000,024,064 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2011/03/22 17:23:52 | 000,023,928 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\sdcfilter.sys
[2011/03/22 17:18:48 | 000,028,912 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/03/22 17:18:47 | 000,153,344 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2011/03/20 17:07:00 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Desktop\gmer.exe
[2011/03/19 09:47:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/03/15 17:54:14 | 078,997,936 | ---- | M] (Nero AG) -- C:\Documents and Settings\Carlos Bello\Desktop\Nero_BurningROM-10.5.10300_trial.exe
[2011/03/15 17:25:17 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/13 17:57:56 | 000,405,878 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 17:57:56 | 000,064,262 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/12 01:15:19 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 23:10:39 | 000,014,976 | ---- | M] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Carlos Bello\My Documents\*.tmp files -> C:\Documents and Settings\Carlos Bello\My Documents\*.tmp -> ]
[1 C:\Documents and Settings\Carlos Bello\Desktop\*.tmp files -> C:\Documents and Settings\Carlos Bello\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/01 19:17:31 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Desktop\tdsskiller.zip
[2011/04/01 13:29:39 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Desktop\gmer.exe
[2011/04/01 13:08:28 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Desktop\dds.scr
[2011/04/01 13:07:03 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\defogger_reenable
[2011/04/01 13:06:18 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Desktop\Defogger.exe
[2011/04/01 11:27:00 | 000,000,236 | ---- | C] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/04/01 10:49:54 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/03/31 20:02:04 | 000,016,022 | -HS- | C] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/31 20:02:04 | 000,016,022 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
[2011/03/31 16:24:51 | 000,002,881 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/03/28 19:38:30 | 000,493,547 | ---- | C] () -- C:\xpe-1.0.7.cab
[2011/03/28 16:45:03 | 000,001,233 | ---- | C] () -- C:\XPSETUP.ibb
[2011/03/28 16:40:44 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2011/03/28 16:40:44 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2011/03/28 16:32:55 | 000,002,048 | ---- | C] () -- C:\w2ksect.bin
[2011/03/28 16:23:02 | 000,004,145 | ---- | C] () -- C:\wxp10.zip
[2011/03/27 18:32:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/03/27 18:32:51 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/03/27 18:32:51 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/03/27 18:32:51 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/03/27 18:32:51 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/03/27 18:32:51 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/03/27 18:32:51 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/03/27 18:32:51 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/03/27 18:32:51 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/03/27 18:32:51 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2011/03/27 18:32:51 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/03/27 18:32:51 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2011/03/27 18:32:51 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/03/27 18:32:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/03/27 18:32:51 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/03/27 18:32:51 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/03/27 18:32:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/03/27 18:32:51 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/03/27 18:32:51 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/03/27 18:32:51 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/03/27 18:32:51 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/03/27 18:32:50 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2011/03/27 18:32:50 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2011/03/27 18:32:50 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2011/03/27 18:32:50 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2011/03/27 18:32:50 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2011/03/27 18:32:50 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2011/03/27 18:32:50 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2011/03/27 18:32:50 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2011/03/27 18:32:50 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2011/03/27 18:32:50 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2011/03/27 18:32:50 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2011/03/27 18:32:25 | 000,002,089 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 5.1 HD Edition.lnk
[2011/03/22 19:47:05 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\itlnfw32.dll
[2011/02/12 20:12:54 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/01/12 20:07:31 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/12/20 18:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/03/08 10:45:53 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/02/24 00:33:07 | 000,000,134 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2009/02/24 00:33:06 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2009/02/23 23:05:12 | 000,005,832 | ---- | C] () -- C:\WINDOWS\hpdj6800.ini
[2009/02/23 23:05:03 | 000,001,427 | ---- | C] () -- C:\WINDOWS\hpf6800m.ini
[2009/01/27 07:28:49 | 000,000,409 | ---- | C] () -- C:\WINDOWS\ArcView9x.INI
[2008/11/02 16:14:23 | 000,197,680 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/04/22 12:14:51 | 000,001,721 | -H-- | C] () -- C:\Program Files\hpothb07.tif
[2008/04/22 12:14:51 | 000,001,006 | -H-- | C] () -- C:\Program Files\hpothb07.dat
[2007/12/03 23:58:12 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2007/10/20 20:32:26 | 000,221,252 | ---- | C] () -- C:\WINDOWS\System32\maskDll.dll
[2007/10/20 20:32:26 | 000,200,776 | ---- | C] () -- C:\WINDOWS\System32\unMaskDLL.dll
[2007/08/13 07:15:19 | 000,221,184 | ---- | C] () -- C:\WINDOWS\MultiUninstall.exe
[2007/01/29 14:35:06 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/01/29 10:03:35 | 000,020,724 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2007/01/29 10:03:35 | 000,016,618 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2007/01/02 10:53:02 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\fusioncache.dat
[2007/01/02 10:51:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/01/02 10:51:51 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/01/02 10:51:51 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/01/02 10:51:04 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/01/02 10:51:04 | 000,000,337 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2006/12/20 23:52:28 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/05 10:27:10 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/10/05 10:27:10 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/04/12 17:24:40 | 000,000,058 | ---- | C] () -- C:\WINDOWS\OSA.INI
[2006/01/13 17:28:28 | 000,001,385 | ---- | C] () -- C:\WINDOWS\hpfmdl6800.dat
[2006/01/13 17:28:28 | 000,000,242 | ---- | C] () -- C:\WINDOWS\hpfins6800.dat
[2005/11/16 01:04:52 | 000,037,027 | ---- | C] () -- C:\WINDOWS\atmoUn.exe
[2005/10/19 19:54:35 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2005/09/26 20:13:18 | 000,000,004 | ---- | C] () -- C:\WINDOWS\RM_RESULT.DAT
[2005/09/26 20:12:23 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/09/24 01:10:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005/09/23 00:21:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/09/22 20:19:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/09/22 10:43:50 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\USBDiskUtility.exe
[2005/09/22 10:43:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\diskicon.exe
[2005/09/20 02:30:40 | 000,026,900 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Application Data\wklnhst.dat
[2005/09/20 01:59:01 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/09/19 21:15:51 | 000,099,965 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe
[2005/09/19 21:15:32 | 000,003,288 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005/09/19 20:18:08 | 000,000,483 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/09/12 12:10:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/09/12 12:04:50 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/09/12 12:00:05 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/09/12 11:58:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/09/12 11:50:48 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/09/12 11:25:30 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/09/12 11:25:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/09/12 11:24:32 | 000,000,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 15:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 06:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 15:06:43 | 000,356,160 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 15:00:45 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/11 15:00:45 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/11 15:00:45 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/11 15:00:45 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/11 15:00:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 15:00:28 | 000,405,878 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 15:00:28 | 000,064,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/07/22 15:22:24 | 000,193,584 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1997/06/25 16:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

< End of report >

Extras Report

OTL Extras logfile created on: 4/1/2011 7:35:03 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Carlos Bello\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 515.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.28 Gb Total Space | 44.00 Gb Free Space | 62.60% Space Free | Partition Type: NTFS

Computer Name: CARLOS | User Name: Carlos Bello | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"" =
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:America Online 9.0
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe" = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe:*:Enabled:VPN Client -- (Cisco Systems, Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Documents and Settings\Carlos Bello\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Carlos Bello\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{05410044-64A6-4248-A026-9745C1E9E159}" = Microsoft Encarta Encyclopedia Standard 2005
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14374619-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Simple Start Special Edition
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B722D25-2D0F-4D2A-A4B1-20DA962CCD47}" = Oracle IRM Desktop 5.5.20 10gR3 PR5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F34839E-4826-4B64-B1B3-42E5AE8DEC5A}" = ArcGIS Desktop
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{93FB47FB-4FDF-4131-B5FD-7A37883868E7}" = hp psc 2170 series
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.1 HD Edition
"{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
"{9B2ADD3A-AFAF-4622-AC6F-C86FF36CC245}" = USB FLASH DISK UTILITY
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A0E8792C-11E1-42EF-844C-EB87E3AADD19}" = Larousse Multilingue
"{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0.8
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B18CEC65-463D-49CA-9D5F-19B63E48015D}" = Diskeeper Professional Edition
"{B1F69DF2-8C69-437E-A288-663326C4404A}" = USB Storage Driver
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
"{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7559288-223B-453C-9F06-340E3BE21E39}" = MyWay Search Assistant
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Toolbar" = AOL Toolbar 5.0
"AOL Toolbar 5.0" =
"ATI Display Driver" = ATI Display Driver
"Bibliorom 2" = Bibliorom Larousse 2.0
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem
"DVD Shrink_is1" = DVD Shrink 3.2
"ESPN RunTime" = ESPN RunTime
"GRE POWERPREP" = GRE POWERPREP
"HP PSC 2170 Series" = HP Photo and Imaging 2.0 - hp psc 2170 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Management Programs 2
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PE Builder_is1" = PE Builder 3.1.10a
"Picasa 3" = Picasa 3
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProInst" = Intel® PROSet/Wireless Software
"Python 2.4.1" = Python 2.4.1
"Rainbow Client Activator 2.2 English" = Client Activator 2.2 - English (2)
"Rainbow Client Activator 2.2 English All" = Client Activator 2.2 - English (All)
"RealPlayer 6.0" = RealPlayer Basic
"Road Runner Install_is1" = Road Runner Install
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"Shockwave" = Shockwave
"StreetPlugin" = Learn2 Player (Uninstall Only)
"UBCD4Win_is1" = UBCD4Win 3.60
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2005Setup" = Microsoft Works 2005 Setup Launcher
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-498438405-1919081966-2996862342-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
"magicJack" = magicJack
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2011 2:36:12 PM | Computer Name = CARLOS | Source = MsiInstaller | ID = 10005
Description = Product: Sophos AutoUpdate -- Internal Error 2761.

Error - 4/1/2011 3:48:42 PM | Computer Name = CARLOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 4/1/2011 3:48:43 PM | Computer Name = CARLOS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 4/1/2011 10:14:01 PM | Computer Name = CARLOS | Source = MsiInstaller | ID = 11308
Description = Product: Sophos AutoUpdate -- Error 1308.Source file not found: C:\Program
Files\Sophos\AutoUpdate\cache\sau\program files\Sophos\AutoUpdate\zh_cn\alhelp.chm.
Verify that the file exists and that you can access it.

Error - 4/1/2011 10:27:47 PM | Computer Name = CARLOS | Source = SophosAntiVirus | ID = 327693
Description = Bootstrap configuration file 'C:\Documents and Settings\All Users\Application
Data\Sophos\Sophos Anti-Virus\Config\bootstrap.xml' is missing.

Error - 4/1/2011 10:27:47 PM | Computer Name = CARLOS | Source = Sophos Anti-Virus | ID = 131086
Description = Error configuring ConfigurationManager.

Error - 4/1/2011 10:27:47 PM | Computer Name = CARLOS | Source = Sophos Anti-Virus | ID = 196631
Description = Error requesting component ConfigurationManager from ComponentManager.

Error - 4/1/2011 10:27:48 PM | Computer Name = CARLOS | Source = Sophos Anti-Virus | ID = 196608
Description = Exception caught in CInfrastructureModule::PreMessageLoop.

Error - 4/1/2011 10:29:27 PM | Computer Name = CARLOS | Source = MsiInstaller | ID = 1041
Description = Failed to begin a Windows Installer transaction {15C418EB-7675-42BE-B2B3-281952DA014D}.
Error 1618 occurred while beginning the transaction.

Error - 4/1/2011 10:30:05 PM | Computer Name = CARLOS | Source = MsiInstaller | ID = 11308
Description = Product: Sophos AutoUpdate -- Error 1308.Source file not found: C:\Program
Files\Sophos\AutoUpdate\cache\sau\program files\Sophos\AutoUpdate\zh_cn\alhelp.chm.
Verify that the file exists and that you can access it.

[ System Events ]
Error - 4/1/2011 2:18:58 PM | Computer Name = CARLOS | Source = DCOM | ID = 10010
Description = The server {FF20AFAB-E530-4277-A2EB-A9051D7E3435} did not register
with DCOM within the required timeout.

Error - 4/1/2011 2:19:36 PM | Computer Name = CARLOS | Source = DCOM | ID = 10010
Description = The server {BF515489-25C1-472D-8F02-378E6CC06B3C} did not register
with DCOM within the required timeout.

Error - 4/1/2011 2:20:43 PM | Computer Name = CARLOS | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 4/1/2011 2:34:04 PM | Computer Name = CARLOS | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2011 2:34:10 PM | Computer Name = CARLOS | Source = Service Control Manager | ID = 7023
Description = The Sophos Anti-Virus service terminated with the following error:
%%2147500037

Error - 4/1/2011 2:35:34 PM | Computer Name = CARLOS | Source = Service Control Manager | ID = 7022
Description = The Sophos AutoUpdate Service service hung on starting.

Error - 4/1/2011 4:45:01 PM | Computer Name = CARLOS | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 4/1/2011 10:27:47 PM | Computer Name = CARLOS | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 4/1/2011 10:27:56 PM | Computer Name = CARLOS | Source = Service Control Manager | ID = 7023
Description = The Sophos Anti-Virus service terminated with the following error:
%%2147500037

Error - 4/1/2011 10:29:26 PM | Computer Name = CARLOS | Source = Service Control Manager | ID = 7022
Description = The Sophos AutoUpdate Service service hung on starting.


< End of report >


[b]THANK YOU. The problem appears to be resolved. Unfortunately, my computer is still running sloooowly.b]

#4 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 02 April 2011 - 07:49 AM

Hi!

We can work on the slowness issue.

The main infection that you were infected with is called TDL4.

See the snippet of text below:

2011/04/01 19:24:28.0953 2388 Detected object count: 1
2011/04/01 19:25:01.0359 2388 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/01 19:25:01.0359 2388 \HardDisk0 - ok
2011/04/01 19:25:01.0359 2388 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/04/01 19:25:19.0453 1984 Deinitialize success


You can read more about this infection here:

Special thanks to quietman7 for providing the above links.



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    O3 - HKU\S-1-5-21-498438405-1919081966-2996862342-1005\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKU\.DEFAULT..\RunOnce: [oCh06504nOnCj06504] C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe ()
    O4 - HKU\S-1-5-18..\RunOnce: [oCh06504nOnCj06504] C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe ()
    O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} http://www.trendmicro.com/spyware-scan/as4web.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
    O36 - AppCertDlls: doskclip - (C:\WINDOWS\system32\bootdosx.dll) - File not found
    [2011/04/01 10:04:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Carlos Bello\My Documents\*.tmp files -> C:\Documents and Settings\Carlos Bello\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Carlos Bello\Desktop\*.tmp files -> C:\Documents and Settings\Carlos Bello\Desktop\*.tmp -> ]
    [2011/04/01 10:49:55 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/03/31 20:32:25 | 000,016,022 | -HS- | M] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    [2011/03/31 20:32:25 | 000,016,022 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\Documents and Settings\Carlos Bello\My Documents\*.tmp files -> C:\Documents and Settings\Carlos Bello\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Carlos Bello\Desktop\*.tmp files -> C:\Documents and Settings\Carlos Bello\Desktop\*.tmp -> ]
    [2011/04/01 10:49:54 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/03/31 20:02:04 | 000,016,022 | -HS- | C] () -- C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    [2011/03/31 20:02:04 | 000,016,022 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with MalwareBytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (v1.50) and save it to your desktop.
Download Link 1
Download Link 2Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes' when done.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 02 April 2011 - 02:17 PM

Hi There, ST,

Here are my logs...


All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Registry value HKEY_USERS\S-1-5-21-498438405-1919081966-2996862342-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\oCh06504nOnCj06504 deleted successfully.
C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\oCh06504nOnCj06504 not found.
File C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d}\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {B1826A9F-4AA0-4510-BA77-9013E74E4B9B}
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\SpyMD.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\doskclip deleted successfully.
Folder C:\Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\ not found.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET1B4.tmp deleted successfully.
C:\WINDOWS\System32\setb5.tmp deleted successfully.
C:\WINDOWS\002867_.tmp deleted successfully.
C:\Documents and Settings\Carlos Bello\My Documents\~WRL0001.tmp deleted successfully.
C:\Documents and Settings\Carlos Bello\Desktop\~WRL0581.tmp deleted successfully.
C:\fsqwr.bmp moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 moved successfully.
C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 moved successfully.
File C:\fsqwr.bmp not found.
File C:\Documents and Settings\Carlos Bello\Local Settings\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
File C:\Documents and Settings\All Users\Application Data\85c41t1n5cbla04i6352uvj1206w3hx3tpr218awhu85420 not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Carlos Bello\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Carlos Bello\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Carlos Bello
->Temp folder emptied: 182278978 bytes
->Temporary Internet Files folder emptied: 226511471 bytes
->Java cache emptied: 108644745 bytes
->FireFox cache emptied: 3601644 bytes
->Flash cache emptied: 650 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Guest
->Temp folder emptied: 2661076 bytes
->Temporary Internet Files folder emptied: 144448555 bytes
->Flash cache emptied: 646 bytes

User: LocalService
->Temp folder emptied: 70938 bytes
->Temporary Internet Files folder emptied: 130738944 bytes
->Flash cache emptied: 29296 bytes

User: NetworkService
->Temp folder emptied: 932592 bytes
->Temporary Internet Files folder emptied: 337902275 bytes
->Flash cache emptied: 27015 bytes

User: TEMP(2)

User: TEMP(2).CARLOS

User: TEMP.CARLOS

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94649272 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 4380620 bytes

Total Files Cleaned = 1,180.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Carlos Bello
->Flash cache emptied: 0 bytes

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: TEMP(2)

User: TEMP(2).CARLOS

User: TEMP.CARLOS

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04022011_103833

Files\Folders moved on Reboot...
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\DQVWRAX2\Index[3].htm moved successfully.
File\Folder C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\DQVWRAX2\page__pid__2191487[1].htm not found!
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\A117LF72\openhand[1].cur moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\mail[2].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\museosans_500-webfont[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\museosans_700-webfont[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\MuseoSlab-300[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\MuseoSlab-500[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\MuseoSlab-700[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\Vegur-Bold[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\742ITUH1\Vegur-Medium[1].eot moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\3V8PPDH1\mail[3].htm moved successfully.
File\Folder C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\196061V0\mail[1].htm not found!

Registry entries deleted on Reboot...


MALWARE LOG

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6248

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/2/2011 12:09:18 PM
mbam-log-2011-04-02 (12-09-18).txt

Scan type: Quick scan
Objects scanned: 193296
Time elapsed: 6 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\itlnfw32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E596DF5F-4239-4D40-8367-EBADF0165917} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4A86FB67-AB29-49A5-BD6B-D4170276BFFD} (Trojan.Ambler) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\itlnfw32.dll (Trojan.Agent) -> Delete on reboot.
c:\documents and settings\carlos bello\application data\Sun\xwrvspjuk92.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\carlos bello\application data\Sun\cetw.txt (Malware.Trace) -> Quarantined and deleted successfully.


I successfully ran Malware but it advised that some files were not able to be removed...

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 02 April 2011 - 06:40 PM

Please run a new updated scan with MBAM to see if it's able to detect and remove those threats that were not able to be removed the first time:


Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, the place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:


Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 02 April 2011 - 07:20 PM

Hi ST,

I completed Step 1 and Anti-Malware detected 0 infected files. Do you still think I need to proceed with the ESET scan?

Thanks!

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 03 April 2011 - 07:31 AM

Yes, proceed with the rest of the steps.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 03 April 2011 - 11:33 AM

I really appreciate all your help. My computer is running much faster and with more energy. No more keyboad drag I don't have the problem anymore with the Google redirects. Thank you so much!! With that said, I would need a good reason why I should continue downloading more apps and sending the logs. Please do not consider this an affront, I just do not know what I'm doing with these applications and I do not want to get into the habit of not questioning what I am doing.

thanks, again!

#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 03 April 2011 - 11:36 AM

These additional scans I am asking you to run are to see if any additional malware is detected.

If you don't want any additional help, let me know, and I'll remove my tools and move on to assisting another user.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#11 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 03 April 2011 - 05:30 PM

C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan
C:\WINDOWS\warnhp.html Win32/Oleloa.H trojan
C:\_OTL\MovedFiles\04022011_103833\C_Documents and Settings\All Users\Application Data\oCh06504nOnCj06504\oCh06504nOnCj06504.exe Win32/Kryptik.MFB.Gen trojan

Results of screen317's Security Check version 0.99.10
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Sophos Anti-Virus
Antivirus out of date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 17
Java™ 6 Update 3
Java™ 6 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
Out of date Java installed!
Adobe Flash Player 10.1.102.64
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 7.0.8
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.16) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Sophos Sophos Anti-Virus SAVAdminService.exe
``````````End of Log````````````

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 03 April 2011 - 07:09 PM

Howdy!

Your SecurityCheck log indicates that your Anti-Virus program is out of date. I suggest you update it to the latest version.

Lets see how things are running after these scans:

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :Services
    :OTL
    
    :Reg
    
    :Files
    C:\WINDOWS\warnhp.html
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Update Adobe Reader
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
  • Go to Start > Control Panel > Add/Remove Programs
  • Remove ALL instances of Adobe Reader
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader
Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >here< Foxit Reader has fewer add-ons therefore loads more quickly.



NEXT:



Java Outdated
Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Microsoft: ‘Unprecedented Wave of Java Exploitation’
Drive-by Trojan preying on out-of-date Java installations
Ghosts of Java Haunt UsersPlease follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.


    netsvcs
    drivers32
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 04 April 2011 - 12:07 AM

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\WINDOWS\warnhp.html not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Carlos Bello\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Carlos Bello\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Carlos Bello
->Temp folder emptied: 890606 bytes
->Temporary Internet Files folder emptied: 94717502 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 560 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 67250 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: TEMP(2)

User: TEMP(2).CARLOS

User: TEMP.CARLOS

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 815 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1620 bytes

Total Files Cleaned = 91.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Carlos Bello
->Flash cache emptied: 0 bytes

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: TEMP(2)

User: TEMP(2).CARLOS

User: TEMP.CARLOS

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 04032011_200307

Files\Folders moved on Reboot...
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\TRG3LIRK\likebox[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\TRG3LIRK\like[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\TRG3LIRK\like[2].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\TRG3LIRK\mail[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\TRG3LIRK\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\NZ6KOH8X\01[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\NZ6KOH8X\data_sync[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\NZ6KOH8X\mail[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\NZ6KOH8X\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\GJFPS0JX\how_5325924_fix-windows-installer-error[1].html moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\GJFPS0JX\page__pid__2193755[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\GJFPS0JX\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\comments[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\dm-dest[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\ers;cat=computers;scat=computertroubleshooting;sscat=pctroubleshooting;art=5325924;vid=0;ctype=articles;ugc=0;lvl=4;sz=300x310;tile=4;ord=7581489591356[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\iframe3[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\like[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\mail[2].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\xd_receiver[1].htm moved successfully.
C:\Documents and Settings\Carlos Bello\Local Settings\Temporary Internet Files\Content.IE5\F07TTVYG\xd_receiver[2].htm moved successfully.

Registry entries deleted on Reboot...


The rest of the steps don't work because Windows says another applications is currently being installed, but it's not. My Windows automatic updates is broken. It keeps notifying me that updates are available, the update being the service pack 3.5. But everytime I try downloading it it fails.

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:01:41 PM

Posted 04 April 2011 - 01:33 PM

Have you tried rebooting your computer to see if you're able to install the updates then?

Do you receive an error code when trying to install the updates available for Windows?

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 esoterica81

esoterica81
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 04 April 2011 - 01:37 PM

Hi there, Yep, I have rebooted Windows countless times and still the Windows Updater will initalize but then just sit there and eventually fail. This is what I see after it initializes:

Installing Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86 (update 1 of 1)...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users