TechSpot

Delayed write failed virus and Google search results redirects me to other pages

Solved
By Chazer001
Feb 3, 2012
  1. Hello;

    2 weeks ago I had the virus that pop up many dalayed write failed windows errors on my laptop, then I used malwarebytes and my antivirus software to get rid of it, then two weeks later I am still having some issues that I am not able to solve, like every time I search something in google every link that I click redirects me to other pages that I do not want to see, and the other issue is that every time that I turn on my laptop the notepad pop up showing the following text:

    [ShellclassInfo]
    LocalizadResourceName=@%SystemRoot%\system32\shell32.dll,-21787

    Thanks in advance!!!
     
  2. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Hi Broni

    Thank you for reply my post and take my case, rigth now I will start the steps of the link that you give me.

    Have a great day!!!
     
  4. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Same to you :)
     
  5. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.04.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    DCO-TECH01 :: DCO-D420-01 [administrator]

    2/4/2012 11:48:41 AM
    mbam-log-2012-02-04 (11-48-41).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196778
    Time elapsed: 6 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  6. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-04 12:15:07
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK8009GAH rev.BS011G
    Running: gmer.exe; Driver: C:\Temp\pgdyqfog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)

    Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
    Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

    ---- EOF - GMER 1.0.15 ----
     
  7. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702
    Run by DCO-TECH01 at 12:18:24 on 2012-02-04
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.903 [GMT -7:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\Advanced SystemCare 4\ASCService.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    svchost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = ipoffice
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: AvayaIEHlprObj Class: {e6df0b46-7d6f-407a-a6a2-62d17a021a9a} - c:\program files\avaya\avaya ip softphone\AvayaWebDial.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
    uRun: [cdloader] "c:\documents and settings\dco-tech01\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    uPolicies-explorer: NoInstrumentation = 1 (0x1)
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://service.futuremark.com/virtualmark/tc/FMSI.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://cisco.webex.com/client/T27L/event/ieatgpc.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    TCP: Interfaces\{85DBE165-68E3-4A74-811F-ED32CF47F2D3} : DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 94.63.147.14 www.google.com
    Hosts: 94.63.147.15 www.bing.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-9-19 232512]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\program files\iobit\advanced systemcare 4\ASCService.exe [2011-5-16 353168]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-10 652360]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-11-14 394952]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2009-4-15 146312]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-1-31 20464]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-1-24 25088]
    S0 atjxlsti;atjxlsti;c:\windows\system32\drivers\svxwyawg.sys --> c:\windows\system32\drivers\svxwyawg.sys [?]
    S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
    S2 KeyServ;Key Server;c:\program files\avaya\ip office\keyserve\keyserve.exe --> c:\program files\avaya\ip office\keyserve\KeyServe.exe [?]
    S2 SentinelKeysServer;Sentinel Keys Server;"c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe" --> c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [?]
    S3 21590363;21590363; [x]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\drivers\atmfbus.sys --> c:\windows\system32\drivers\ATMFBUS.sys [?]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\drivers\atmfcvsp.sys --> c:\windows\system32\drivers\ATMFCVsp.sys [?]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\drivers\atmfflt.sys --> c:\windows\system32\drivers\ATMFFLT.sys [?]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\drivers\atmfmdm.sys --> c:\windows\system32\drivers\ATMFMdm.sys [?]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\drivers\atmfnet.sys --> c:\windows\system32\drivers\ATMFNET.sys [?]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\drivers\atmfnvsp.sys --> c:\windows\system32\drivers\ATMFNVsp.sys [?]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\drivers\atmfvsp.sys --> c:\windows\system32\drivers\ATMFVsp.sys [?]
    S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-12-27 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-12-27 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2008-12-27 42112]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-12-27 23680]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\drivers\sembbus.sys --> c:\windows\system32\drivers\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\drivers\sembcard.sys --> c:\windows\system32\drivers\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\drivers\sembmdfl2.sys --> c:\windows\system32\drivers\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\drivers\sembmdm2.sys --> c:\windows\system32\drivers\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\drivers\sembmgmt.sys --> c:\windows\system32\drivers\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\drivers\sembnd5.sys --> c:\windows\system32\drivers\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\drivers\sembunic.sys --> c:\windows\system32\drivers\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\drivers\sembwwan.sys --> c:\windows\system32\drivers\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\drivers\semcreserved.sys --> c:\windows\system32\drivers\semcreserved.sys [?]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\drivers\seu4scard.sys --> c:\windows\system32\drivers\seu4scard.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-11 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S4 MV_Manager_Svr;Avaya MV_Manager;c:\program files\avaya\mv_manager\bin\MV_Manager_Service.exe [2006-5-23 1220096]
    S4 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-1-24 2250616]
    .
    =============== Created Last 30 ================
    .
    2012-02-03 20:25:11 -------- d-----w- c:\documents and settings\all users\application data\SecTaskMan
    2012-02-03 20:25:06 -------- d-----w- c:\program files\Security Task Manager
    2012-02-03 10:05:00 81984 ----a-w- c:\windows\system32\bdod.bin
    2012-02-03 09:31:19 -------- d-----w- c:\documents and settings\dco-tech01\application data\BitDefender
    2012-02-03 09:30:34 -------- d-----w- c:\program files\BitDefender
    2012-02-03 09:30:34 -------- d-----w- c:\documents and settings\all users\application data\BitDefender
    2012-02-03 09:29:29 -------- d-----w- c:\program files\common files\BitDefender
    2012-02-03 06:51:52 -------- d-----w- c:\program files\ESET
    2012-02-01 21:07:54 -------- d-----w- c:\program files\common files\Deterministic Networks
    2012-02-01 19:16:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-31 10:32:50 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 21:05:41 172 ----a-w- c:\windows\uninstall.bat
    2012-01-25 08:48:00 -------- d-sha-r- C:\cmdcons
    2012-01-25 08:46:31 98816 ----a-w- c:\windows\sed.exe
    2012-01-25 08:46:31 518144 ----a-w- c:\windows\SWREG.exe
    2012-01-25 08:46:31 256000 ----a-w- c:\windows\PEV.exe
    2012-01-25 08:46:31 208896 ----a-w- c:\windows\MBR.exe
    2012-01-24 03:05:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-01-24 03:05:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
    2012-01-17 08:35:23 -------- d-----w- c:\program files\common files\SafeNet Sentinel
    2012-01-12 23:23:02 -------- d-----w- c:\documents and settings\dco-tech01\local settings\application data\PCHealth
    2012-01-10 19:29:58 -------- d-----w- c:\documents and settings\dco-tech01\application data\Malwarebytes
    2012-01-10 17:06:58 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2012-01-10 17:06:58 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-10 17:06:35 -------- d-----w- c:\program files\Viking
    .
    ==================== Find3M ====================
    .
    2012-02-03 22:39:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-03 22:39:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 10:04:51 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    ============= FINISH: 12:19:48.39 ===============
     
  8. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/29/2007 4:30:13 PM
    System Uptime: 2/3/2012 4:43:16 PM (20 hours ago)
    .
    Motherboard: Dell Inc. | | 0TF868
    Processor: Intel(R) Core(TM) Solo CPU U1400 @ 1.20GHz | Microprocessor | 1197/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 29 GiB total, 2.359 GiB free.
    D: is FIXED (NTFS) - 45 GiB total, 32.115 GiB free.
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\254F0D81464FC000
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\254F0D81464FC000
    Service: NIC1394
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: OpenManage Client Instrumentation device driver
    Device ID: ROOT\SYSTEM\0003
    Manufacturer: Dell Inc
    Name: OpenManage Client Instrumentation device driver
    PNP Device ID: ROOT\SYSTEM\0003
    Service: omci
    .
    Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
    Description: CD-ROM Drive
    Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&431A56F&0&00
    Manufacturer: (Standard CD-ROM drives)
    Name: DTSOFT Virtual CdRom Device
    PNP Device ID: DTSOFTBUS&REV1\DTCDROM&REV1\1&431A56F&0&00
    Service: cdrom
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    3CDaemon
    Adobe Acrobat Elements 6.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 8
    Adobe Reader 8.1.1
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Reader 8.2.1
    Advanced Implementation and Admin of Avaya Aura CMB v1.0
    Advanced SystemCare 4
    Audacity 1.3.13 (Unicode)
    Avaya 3.1 Launch Implementation Highlights v1.0
    Avaya Gateway Installation Wizard
    Avaya Integrated Management Administration Tools
    Avaya Integrated Management Administration Tools SP5
    Avaya IP Softphone R6
    Avaya MV_IPTel
    BitDefender Free Edition 2009
    Broadcom Gigabit Integrated Controller
    BufferChm
    Cisco Systems VPN Client 5.0.05.0290
    Combined Community Codec Pack 2008-09-21 16:18
    Compatibility Pack for the 2007 Office system
    Conexant HDA D110 MDC V.92 Modem
    Copy
    Critical Update for Windows Media Player 11 (KB959772)
    CTG-2
    DAEMON Tools Lite
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DivX Web Player
    DJ_AIO_03_F4200_ProductContext
    DJ_AIO_03_F4200_Software
    DJ_AIO_03_F4200_Software_Min
    dj_sf_software_req
    EPSON Printer Software
    ESET Online Scanner v3
    eSupportQFolder
    F4200
    F4200_Help
    FileZilla Client 3.5.0
    Free DWG Viewer 6.1
    Google Update Helper
    GoToMeeting 4.8.0.723
    GPBaseService
    High Definition Audio Driver Package - KB835221
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    HP Deskjet Printer Driver Software 9.0
    HP Imaging Device Functions 10.0
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 10.0
    HP Update
    HPProductAssistant
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    IP Office Admin Suite
    J2SE Runtime Environment 5.0 Update 15
    J2SE Runtime Environment 5.0 Update 6
    Java Auto Updater
    Java(TM) 6 Update 3
    Java(TM) 6 Update 30
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    magicJack
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2656353)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office File Validation Add-In
    Microsoft Office Live Meeting 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Project Professional 2003
    Microsoft Office Visio Professional 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Modem Helper
    MPEG2 Codec(libmpeg2/mad)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    MSXML4 SP2 Install
    OGA Notifier 2.0.0048.0
    PARTNERĀ® PC Administration UnInstaller
    PSSWCORE
    Reliable Data Transport Tool
    RTC Client API v1.2
    SAMSUNG Mobile USB Modem 1.0 Software
    Samsung PC Studio 3
    Scan
    Security Task Manager 1.8d
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982665)
    Segoe UI
    SmartWebPrintingOC
    SolutionCenter
    Status
    TeamViewer 6
    TFTPSuitePro 2000
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB2598845)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2492386)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    VLC media player 1.0.2
    VNC Free Edition 4.1.3
    WavePad Sound Editor
    WebEx
    WebFldrs XP
    WebReg
    Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Rights Management Client
    Windows Rights Management Client Backwards Compatibility
    Windows XP Service Pack 3
    WinPcap 4.1.2
    WinRAR archiver
    WinSCP 4.2.1 beta
    WinSPM
    Wireshark 1.4.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/3/2012 9:15:57 AM, error: Service Control Manager [7034] - The BitDefender Virus Shield service terminated unexpectedly. It has done this 1 time(s).
    2/2/2012 5:57:12 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
    2/2/2012 5:57:12 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
    2/2/2012 4:03:37 PM, error: Service Control Manager [7034] - The Sentinel Protection Server service terminated unexpectedly. It has done this 1 time(s).
    2/2/2012 11:05:27 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).
    2/2/2012 10:54:37 PM, error: Service Control Manager [7023] - The Pml Driver HPZ12 service terminated with the following error: The specified module could not be found.
    2/2/2012 10:54:37 PM, error: Service Control Manager [7023] - The Net Driver HPZ12 service terminated with the following error: The specified module could not be found.
    2/2/2012 10:54:37 PM, error: Service Control Manager [7000] - The Sentinel Keys Server service failed to start due to the following error: The system cannot find the file specified.
    2/2/2012 10:49:42 PM, error: Dhcp [1002] - The IP address lease 10.48.62.24 for the Network Card with network address 00188BD79BF2 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    2/1/2012 12:31:14 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    2/1/2012 12:17:01 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    2/1/2012 12:16:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    2/1/2012 10:21:55 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb Fips intelppm ssmdrv StarOpen
    2/1/2012 1:58:23 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================
     
  9. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Uninstall Advanced SystemCare 4.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    =============================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ============================================================

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
     
  10. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Ok, thank you Broni, already unistall ASC4 and now I am going to run the other aplications that you said and post the logs.
     
  11. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-04 14:26:57
    -----------------------------
    14:26:57.593 OS Version: Windows 5.1.2600 Service Pack 3
    14:26:57.593 Number of processors: 1 586 0xE0C
    14:26:57.593 ComputerName: DCO-D420-01 UserName: DCO-TECH01
    14:26:58.359 Initialize success
    14:30:24.953 AVAST engine defs: 12020401
    14:32:58.171 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    14:32:58.171 Disk 0 Vendor: TOSHIBA_MK8009GAH BS011G Size: 76319MB BusType: 3
    14:32:58.203 Disk 0 MBR read successfully
    14:32:58.218 Disk 0 MBR scan
    14:32:58.281 Disk 0 Windows XP default MBR code
    14:32:58.281 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 54 MB offset 63
    14:32:58.312 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 30176 MB offset 112455
    14:32:58.328 Disk 0 Partition - 00 0F Extended LBA 46084 MB offset 61914510
    14:32:58.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 46084 MB offset 61914573
    14:32:58.390 Disk 0 scanning sectors +156296385
    14:32:58.484 Disk 0 scanning C:\WINDOWS\system32\drivers
    14:33:20.312 Service scanning
    14:33:24.859 Modules scanning
    14:33:34.718 Disk 0 trace - called modules:
    14:33:34.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    14:33:34.781 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a8fcab8]
    14:33:34.812 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a8b8940]
    14:33:35.296 AVAST engine scan C:\WINDOWS
    14:33:45.250 AVAST engine scan C:\WINDOWS\system32
    14:37:57.218 AVAST engine scan C:\WINDOWS\system32\drivers
    14:38:23.609 AVAST engine scan C:\Documents and Settings\DCO-TECH01
    14:42:51.921 AVAST engine scan C:\Documents and Settings\All Users
    14:43:17.515 Scan finished successfully
    15:35:55.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\DCO-TECH01\Desktop\MBR.dat"
    15:35:55.390 The log file has been saved successfully to "C:\Documents and Settings\DCO-TECH01\Desktop\aswMBR.txt"
     
     
  12. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`036e8e00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
     
  13. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Looks good.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  14. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Hi Broni;

    I am back sorry for the delay, here it is the combofix log.that i got.

    Regards....


    ComboFix 12-02-05.01 - DCO-TECH01 02/08/2012 0:08.7.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1026 [GMT -7:00]
    Running from: c:\documents and settings\DCO-TECH01\Desktop\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\drivers\etc\hosts.txt
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-07 18:59 . 2012-02-07 18:59 -------- d-----w- c:\windows\LastGood
    2012-02-03 20:25 . 2012-02-03 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-03 20:25 . 2012-02-03 20:25 -------- d-----w- c:\program files\Security Task Manager
    2012-02-03 10:05 . 2012-02-03 10:24 81984 ----a-w- c:\windows\system32\bdod.bin
    2012-02-03 09:31 . 2012-02-03 09:31 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:30 -------- d-----w- c:\program files\BitDefender
    2012-02-03 09:29 . 2012-02-03 09:30 -------- d-----w- c:\program files\Common Files\BitDefender
    2012-02-03 06:51 . 2012-02-03 06:51 -------- d-----w- c:\program files\ESET
    2012-02-01 21:07 . 2012-02-01 21:07 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2012-02-01 19:16 . 2012-02-01 19:16 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-31 10:32 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 21:05 . 2005-07-19 01:32 172 ----a-w- c:\windows\uninstall.bat
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
    2012-01-17 08:35 . 2012-01-24 11:31 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
    2012-01-12 23:23 . 2012-01-12 23:23 -------- d-----w- c:\documents and settings\DCO-TECH01\Local Settings\Application Data\PCHealth
    2012-01-10 19:29 . 2012-01-10 19:29 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\Malwarebytes
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\program files\Viking
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 22:39 . 2011-07-11 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 22:39 . 2007-10-24 06:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-03 10:04 . 2009-04-15 22:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-12-16 15:53 . 2011-01-25 00:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-11 22:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-11 22:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-11 22:00 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-05_03.00.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2004-08-11 22:00 . 2012-02-06 06:51 76522 c:\windows\system32\perfc009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 76522 c:\windows\system32\perfc009.dat
    + 2012-02-07 18:59 . 2011-01-12 09:42 25088 c:\windows\LastGood\system32\DRIVERS\teamviewervpn.sys
    + 2004-08-11 22:00 . 2012-02-06 06:51 452974 c:\windows\system32\perfh009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 452974 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2012-02-03 782336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DCO-TECH01^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    path=c:\documents and settings\DCO-TECH01\Start Menu\Programs\Startup\PdaNet Desktop.lnk
    backup=c:\windows\pss\PdaNet Desktop.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2011-08-23 20:03 50592 ----a-w- c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4700 Series]
    2005-02-02 11:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRESET]
    2007-12-05 21:57 45056 ----a-w- c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-24 07:30 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinVNC4"=2 (0x2)
    "rpcapd"=3 (0x3)
    "MV_IPTel_Server"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "TeamViewer6"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "crmtftp"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\WinPcap\\rpcapd.exe"=
    "c:\\Program Files\\Walusoft\\TFTPSuite\\TFTPServer32.exe"=
    "c:\\Program Files\\Avaya\\Avaya IP Softphone\\ipsoftphone.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\Avaya\\IP Office\\Manager\\Manager.exe"=
    "c:\\Documents and Settings\\DCO-TECH01\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/19/2011 10:40 AM 232512]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2012 12:29 PM 652360]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/15/2009 3:13 PM 146312]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/31/2012 3:32 AM 20464]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/24/2011 5:23 PM 25088]
    S0 atjxlsti;atjxlsti;c:\windows\system32\drivers\svxwyawg.sys --> c:\windows\system32\drivers\svxwyawg.sys [?]
    S2 KeyServ;Key Server;c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe --> c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe [?]
    S2 SentinelKeysServer;Sentinel Keys Server;"c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" --> c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [?]
    S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/7/2012 11:59 AM 3027840]
    S3 21590363;21590363; [x]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]
    S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/27/2008 1:41 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/27/2008 1:41 AM 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/27/2008 1:43 AM 42112]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/27/2008 1:41 AM 23680]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\DRIVERS\seu4scard.sys --> c:\windows\system32\DRIVERS\seu4scard.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 3:00 PM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 MV_Manager_Svr;Avaya MV_Manager;c:\program files\Avaya\MV_Manager\bin\MV_Manager_Service.exe [5/23/2006 6:41 AM 1220096]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - TEAMVIEWER7
    *Deregistered* - aswMBR
    *Deregistered* - pgdyqfog
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WINRM REG_MULTI_SZ WINRM
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-25 c:\windows\Tasks\wavepadDowngrade.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    2012-01-25 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = ipoffice
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-08 00:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2872956459-1784625082-3507246840-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):11,8b,29,7e,a5,e0,b6,05,79,83,ae,b1,6e,a7,6f,fc,1f,94,5c,33,0e,
    c9,e4,fd,8f,96,b1,2d,3d,62,0e,88,cb,c9,e6,8f,01,f8,1a,55,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fa5803b0-14fb-4f3c-ae63-b21e20ab4068}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000122
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,eb,6d,27,42,80,c2,b8,87,e2,b4,de,df,70,2f,54,4d,83,e0,8b,c5,07,bb,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1620)
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2012-02-08 00:23:12
    ComboFix-quarantined-files.txt 2012-02-08 07:23
    ComboFix2.txt 2012-02-05 03:04
    ComboFix3.txt 2012-02-03 06:41
    ComboFix4.txt 2012-02-01 17:12
    ComboFix5.txt 2012-02-06 06:43
    .
    Pre-Run: 2,475,204,608 bytes free
    Post-Run: 2,536,333,312 bytes free
    .
    - - End Of File - - BFAB88CBC71688D5164E7442B6582B85
     
  15. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Update

    Broni;

    Just to let you know rhat I made some serches in google and still every link that I click keeps redirecting me to other pages.

    Have a nice day.....
     
  16. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\svxwyawg.sys
    
    Driver::
    atjxlsti
    21590363
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  17. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Hi, Broni I follow the steps that you said and here it is the log.

    Regards...

    ComboFix 12-02-05.01 - DCO-TECH01 02/08/2012 13:49:35.8.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1024 [GMT -7:00]
    Running from: c:\documents and settings\DCO-TECH01\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DCO-TECH01\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\drivers\svxwyawg.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_21590363
    -------\Service_21590363
    -------\Service_atjxlsti
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-08 to 2012-02-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-03 20:25 . 2012-02-03 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-03 20:25 . 2012-02-03 20:25 -------- d-----w- c:\program files\Security Task Manager
    2012-02-03 10:05 . 2012-02-08 16:26 81984 ----a-w- c:\windows\system32\bdod.bin
    2012-02-03 09:31 . 2012-02-03 09:31 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:30 -------- d-----w- c:\program files\BitDefender
    2012-02-03 09:29 . 2012-02-03 09:30 -------- d-----w- c:\program files\Common Files\BitDefender
    2012-02-03 06:51 . 2012-02-03 06:51 -------- d-----w- c:\program files\ESET
    2012-02-01 21:07 . 2012-02-01 21:07 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2012-02-01 19:16 . 2012-02-01 19:16 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-31 10:32 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 21:05 . 2005-07-19 01:32 172 ----a-w- c:\windows\uninstall.bat
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
    2012-01-17 08:35 . 2012-01-24 11:31 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
    2012-01-12 23:23 . 2012-01-12 23:23 -------- d-----w- c:\documents and settings\DCO-TECH01\Local Settings\Application Data\PCHealth
    2012-01-10 19:29 . 2012-01-10 19:29 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\Malwarebytes
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\program files\Viking
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 22:39 . 2011-07-11 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 22:39 . 2007-10-24 06:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-03 10:04 . 2009-04-15 22:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-12-16 15:53 . 2011-01-25 00:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-11 22:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-11 22:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-11 22:00 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-05_03.00.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-08 21:03 . 2012-02-08 21:03 16384 c:\windows\temp\Perflib_Perfdata_5f0.dat
    + 2004-08-11 22:00 . 2012-02-08 21:10 76522 c:\windows\system32\perfc009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 76522 c:\windows\system32\perfc009.dat
    + 2004-08-11 22:00 . 2012-02-08 21:10 452974 c:\windows\system32\perfh009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 452974 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2012-02-03 782336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DCO-TECH01^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    path=c:\documents and settings\DCO-TECH01\Start Menu\Programs\Startup\PdaNet Desktop.lnk
    backup=c:\windows\pss\PdaNet Desktop.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2011-08-23 20:03 50592 ----a-w- c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4700 Series]
    2005-02-02 11:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRESET]
    2007-12-05 21:57 45056 ----a-w- c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-24 07:30 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinVNC4"=2 (0x2)
    "rpcapd"=3 (0x3)
    "MV_IPTel_Server"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "TeamViewer6"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "crmtftp"=3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\WinPcap\\rpcapd.exe"=
    "c:\\Program Files\\Walusoft\\TFTPSuite\\TFTPServer32.exe"=
    "c:\\Program Files\\Avaya\\Avaya IP Softphone\\ipsoftphone.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\Avaya\\IP Office\\Manager\\Manager.exe"=
    "c:\\Documents and Settings\\DCO-TECH01\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/19/2011 10:40 AM 232512]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2012 12:29 PM 652360]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/7/2012 11:59 AM 3027840]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/15/2009 3:13 PM 146312]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/31/2012 3:32 AM 20464]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/24/2011 5:23 PM 25088]
    S2 KeyServ;Key Server;c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe --> c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe [?]
    S2 SentinelKeysServer;Sentinel Keys Server;"c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" --> c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [?]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]
    S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/27/2008 1:41 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/27/2008 1:41 AM 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/27/2008 1:43 AM 42112]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/27/2008 1:41 AM 23680]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\DRIVERS\seu4scard.sys --> c:\windows\system32\DRIVERS\seu4scard.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 3:00 PM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 MV_Manager_Svr;Avaya MV_Manager;c:\program files\Avaya\MV_Manager\bin\MV_Manager_Service.exe [5/23/2006 6:41 AM 1220096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WINRM REG_MULTI_SZ WINRM
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-08 c:\windows\Tasks\wavepadDowngrade.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    2012-01-25 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uInternet Settings,ProxyOverride = ipoffice
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-08 14:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2872956459-1784625082-3507246840-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):11,8b,29,7e,a5,e0,b6,05,79,83,ae,b1,6e,a7,6f,fc,1f,94,5c,33,0e,
    c9,e4,fd,8f,96,b1,2d,3d,62,0e,88,cb,c9,e6,8f,01,f8,1a,55,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fa5803b0-14fb-4f3c-ae63-b21e20ab4068}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000122
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,eb,6d,27,42,80,c2,b8,87,e2,b4,de,df,70,2f,54,4d,83,e0,8b,c5,07,bb,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3528)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\wpdshext.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\Audiodev.dll
    c:\windows\system32\WMVCore.DLL
    c:\windows\system32\WMASF.DLL
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\WinSCP\DragExt.dll
    c:\windows\system32\PortableDeviceTypes.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    c:\program files\TeamViewer\Version7\TeamViewer.exe
    c:\program files\TeamViewer\Version7\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2012-02-08 14:14:56 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-02-08 21:14
    ComboFix2.txt 2012-02-08 07:23
    ComboFix3.txt 2012-02-05 03:04
    ComboFix4.txt 2012-02-03 06:41
    ComboFix5.txt 2012-02-08 20:47
    .
    Pre-Run: 2,457,997,312 bytes free
    Post-Run: 2,372,177,920 bytes free
    .
    - - End Of File - - 83D6829234B45530802A10553587FB3A
     
  18. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    How is redirection?

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\bdod.bin
    
    DDS::
    uInternet Settings,ProxyOverride = ipoffice
    
    Driver::
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  19. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Hi Broni;

    The redirection happend when I make a search in google then I get all the results and I click one of them and looks like is opening the right page on the status bar but in one seccond or two it opens another page like norton.com and other search webpages, "but" rigth now I tried to replicate the problem and it did not hapenned, but here it is the log that you asked me for in your las post.

    ComboFix 12-02-05.01 - DCO-TECH01 02/08/2012 22:46:41.9.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1078 [GMT -7:00]
    Running from: c:\documents and settings\DCO-TECH01\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\DCO-TECH01\Desktop\CFScript.txt
    .
    FILE ::
    "c:\windows\system32\bdod.bin"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\bdod.bin
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-09 01:25 . 2001-08-18 05:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2012-02-09 01:25 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2012-02-03 20:25 . 2012-02-03 20:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2012-02-03 20:25 . 2012-02-03 20:25 -------- d-----w- c:\program files\Security Task Manager
    2012-02-03 09:31 . 2012-02-03 09:31 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
    2012-02-03 09:30 . 2012-02-03 09:30 -------- d-----w- c:\program files\BitDefender
    2012-02-03 09:29 . 2012-02-03 09:30 -------- d-----w- c:\program files\Common Files\BitDefender
    2012-02-03 06:51 . 2012-02-03 06:51 -------- d-----w- c:\program files\ESET
    2012-02-01 21:07 . 2012-02-01 21:07 -------- d-----w- c:\program files\Common Files\Deterministic Networks
    2012-02-01 19:16 . 2012-02-01 19:16 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-01-31 10:32 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-25 21:05 . 2005-07-19 01:32 172 ----a-w- c:\windows\uninstall.bat
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
    2012-01-24 03:05 . 2008-04-13 19:40 57600 ----a-w- c:\windows\system32\dllcache\redbook.sys
    2012-01-17 08:35 . 2012-01-24 11:31 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
    2012-01-12 23:23 . 2012-01-12 23:23 -------- d-----w- c:\documents and settings\DCO-TECH01\Local Settings\Application Data\PCHealth
    2012-01-10 19:29 . 2012-01-10 19:29 -------- d-----w- c:\documents and settings\DCO-TECH01\Application Data\Malwarebytes
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\windows\system32\wbem\Repository
    2012-01-10 17:06 . 2012-01-10 17:06 -------- d-----w- c:\program files\Viking
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-03 22:39 . 2011-07-11 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-03 22:39 . 2007-10-24 06:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-02-03 10:04 . 2009-04-15 22:13 146312 ----a-w- c:\windows\system32\drivers\bdfm.sys
    2011-12-16 15:53 . 2011-01-25 00:23 25088 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2011-11-25 21:57 . 2004-08-11 22:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2004-08-11 22:00 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2004-08-11 22:00 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-16 14:21 . 2004-08-11 22:00 354816 ----a-w- c:\windows\system32\winhttp.dll
    2011-11-16 14:21 . 2004-08-11 22:00 152064 ----a-w- c:\windows\system32\schannel.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-02-05_03.00.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-09 05:27 . 2012-02-09 05:27 16384 c:\windows\temp\Perflib_Perfdata_5fc.dat
    + 2004-08-11 22:00 . 2012-02-09 05:32 76522 c:\windows\system32\perfc009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 76522 c:\windows\system32\perfc009.dat
    + 2004-08-11 22:00 . 2012-02-09 05:32 452974 c:\windows\system32\perfh009.dat
    - 2004-08-11 22:00 . 2012-02-03 23:48 452974 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cdloader"="c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe" [2011-08-23 50592]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
    "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2012-02-03 782336]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    backup=c:\windows\pss\VPN Client.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^DCO-TECH01^Start Menu^Programs^Startup^PdaNet Desktop.lnk]
    path=c:\documents and settings\DCO-TECH01\Start Menu\Programs\Startup\PdaNet Desktop.lnk
    backup=c:\windows\pss\PdaNet Desktop.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-12-11 22:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-18 15:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2011-08-23 20:03 50592 ----a-w- c:\documents and settings\DCO-TECH01\Application Data\mjusbsp\cdloader2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX4700 Series]
    2005-02-02 11:00 98304 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATIADP.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
    2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-12-13 07:45 118784 ----a-w- c:\windows\system32\igfxpers.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-12-13 07:44 98304 ----a-w- c:\windows\system32\igfxtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRESET]
    2007-12-05 21:57 45056 ----a-w- c:\program files\Avaya\Avaya IP Softphone\IP Service Provider\pwreset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
    2006-03-24 07:30 282624 ----a-w- c:\windows\stsystra.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=3 (0x3)
    "WinVNC4"=2 (0x2)
    "rpcapd"=3 (0x3)
    "MV_IPTel_Server"=2 (0x2)
    "JavaQuickStarterService"=2 (0x2)
    "IDriverT"=3 (0x3)
    "TeamViewer6"=2 (0x2)
    "gupdatem"=3 (0x3)
    "gupdate"=2 (0x2)
    "crmtftp"=3 (0x3)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\WinPcap\\rpcapd.exe"=
    "c:\\Program Files\\Walusoft\\TFTPSuite\\TFTPServer32.exe"=
    "c:\\Program Files\\Avaya\\Avaya IP Softphone\\ipsoftphone.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Microsoft Office\\OFFICE11\\OUTLOOK.EXE"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\WinSCP\\WinSCP.exe"=
    "c:\\Program Files\\3Com\\3CDaemon\\3CDaemon.EXE"=
    "c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
    "c:\\Program Files\\Avaya\\IP Office\\Manager\\Manager.exe"=
    "c:\\Documents and Settings\\DCO-TECH01\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
    "c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
    "AllowInboundEchoRequest"= 1 (0x1)
    "AllowInboundTimestampRequest"= 1 (0x1)
    "AllowInboundMaskRequest"= 1 (0x1)
    "AllowInboundRouterRequest"= 1 (0x1)
    "AllowOutboundDestinationUnreachable"= 1 (0x1)
    "AllowOutboundSourceQuench"= 1 (0x1)
    "AllowOutboundParameterProblem"= 1 (0x1)
    "AllowOutboundTimeExceeded"= 1 (0x1)
    "AllowRedirect"= 1 (0x1)
    "AllowOutboundPacketTooBig"= 1 (0x1)
    .
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [9/19/2011 10:40 AM 232512]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/10/2012 12:29 PM 652360]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 10:07 AM 35088]
    R2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [2/7/2012 11:59 AM 3027840]
    R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [4/15/2009 3:13 PM 146312]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/31/2012 3:32 AM 20464]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [1/24/2011 5:23 PM 25088]
    S2 KeyServ;Key Server;c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe --> c:\program files\Avaya\IP Office\Keyserve\KeyServe.exe [?]
    S2 SentinelKeysServer;Sentinel Keys Server;"c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" --> c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [?]
    S3 ATMFBUS;A600 USB Composite Device Driver;c:\windows\system32\DRIVERS\ATMFBUS.sys --> c:\windows\system32\DRIVERS\ATMFBUS.sys [?]
    S3 ATMFCVsp;A600 Cricket CM Port;c:\windows\system32\DRIVERS\ATMFCVsp.sys --> c:\windows\system32\DRIVERS\ATMFCVsp.sys [?]
    S3 ATMFFLT;A600 USB Modem Installation CD;c:\windows\system32\DRIVERS\ATMFFLT.sys --> c:\windows\system32\DRIVERS\ATMFFLT.sys [?]
    S3 ATMFMdm;A600 Cricket EVDO Modem;c:\windows\system32\DRIVERS\ATMFMdm.sys --> c:\windows\system32\DRIVERS\ATMFMdm.sys [?]
    S3 ATMFNET;A600 Cricket EVDO Network Adapter;c:\windows\system32\DRIVERS\ATMFNET.sys --> c:\windows\system32\DRIVERS\ATMFNET.sys [?]
    S3 ATMFNVsp;A600 Cricket NMEA Port Serial Port;c:\windows\system32\DRIVERS\ATMFNVsp.sys --> c:\windows\system32\DRIVERS\ATMFNVsp.sys [?]
    S3 ATMFVsp;A600 Cricket Diagnostics Port;c:\windows\system32\DRIVERS\ATMFVsp.sys --> c:\windows\system32\DRIVERS\ATMFVsp.sys [?]
    S3 cpuz130;cpuz130;\??\c:\temp\cpuz130\cpuz_x32.sys --> c:\temp\cpuz130\cpuz_x32.sys [?]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/27/2008 1:41 AM 18688]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/27/2008 1:41 AM 8320]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [12/27/2008 1:43 AM 42112]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/27/2008 1:41 AM 23680]
    S3 sembbus;SEMC WMC Composite Device driver (WDM);c:\windows\system32\DRIVERS\sembbus.sys --> c:\windows\system32\DRIVERS\sembbus.sys [?]
    S3 sembcard;Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM);c:\windows\system32\DRIVERS\sembcard.sys --> c:\windows\system32\DRIVERS\sembcard.sys [?]
    S3 sembmdfl2;Sony Ericsson PC300 Wireless Modem Filter;c:\windows\system32\DRIVERS\sembmdfl2.sys --> c:\windows\system32\DRIVERS\sembmdfl2.sys [?]
    S3 sembmdm2;Sony Ericsson PC300 Wireless Modem Driver;c:\windows\system32\DRIVERS\sembmdm2.sys --> c:\windows\system32\DRIVERS\sembmdm2.sys [?]
    S3 sembmgmt;Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM);c:\windows\system32\DRIVERS\sembmgmt.sys --> c:\windows\system32\DRIVERS\sembmgmt.sys [?]
    S3 sembnd5;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS);c:\windows\system32\DRIVERS\sembnd5.sys --> c:\windows\system32\DRIVERS\sembnd5.sys [?]
    S3 sembunic;Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM);c:\windows\system32\DRIVERS\sembunic.sys --> c:\windows\system32\DRIVERS\sembunic.sys [?]
    S3 sembwwan;Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM);c:\windows\system32\DRIVERS\sembwwan.sys --> c:\windows\system32\DRIVERS\sembwwan.sys [?]
    S3 SEMCReserved;SEMC Reserved Interface;c:\windows\system32\DRIVERS\semcreserved.sys --> c:\windows\system32\DRIVERS\semcreserved.sys [?]
    S3 Sony_EricssonWWSC;Sony Ericsson PC SC Port;c:\windows\system32\DRIVERS\seu4scard.sys --> c:\windows\system32\DRIVERS\seu4scard.sys [?]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/11/2004 3:00 PM 14336]
    S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe /medsvc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
    S4 MV_Manager_Svr;Avaya MV_Manager;c:\program files\Avaya\MV_Manager\bin\MV_Manager_Service.exe [5/23/2006 6:41 AM 1220096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    WINRM REG_MULTI_SZ WINRM
    bdx REG_MULTI_SZ scan
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-08 c:\windows\Tasks\wavepadDowngrade.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    2012-01-25 c:\windows\Tasks\wavepadShakeIcon.job
    - c:\program files\NCH Swift Sound\WavePad\wavepad.exe [2011-08-01 21:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-02-08 22:57
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2872956459-1784625082-3507246840-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
    @Denied: (Full) (LocalSystem)
    @SACL=
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):11,8b,29,7e,a5,e0,b6,05,79,83,ae,b1,6e,a7,6f,fc,1f,94,5c,33,0e,
    c9,e4,fd,8f,96,b1,2d,3d,62,0e,88,cb,c9,e6,8f,01,f8,1a,55,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{fa5803b0-14fb-4f3c-ae63-b21e20ab4068}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000122
    "Therad"=dword:0000001e
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,eb,6d,27,42,80,c2,b8,87,e2,b4,de,df,70,2f,54,4d,83,e0,8b,c5,07,bb,\
    .
    Completion time: 2012-02-08 23:01:33
    ComboFix-quarantined-files.txt 2012-02-09 06:01
    ComboFix2.txt 2012-02-08 21:14
    ComboFix3.txt 2012-02-08 07:23
    ComboFix4.txt 2012-02-05 03:04
    ComboFix5.txt 2012-02-09 05:44
    .
    Pre-Run: 2,344,058,880 bytes free
    Post-Run: 2,361,401,344 bytes free
    .
    - - End Of File - - 77D9BD4E5E1FF6CE7F5FC61F641CABA8
     
  20. Broni

    Broni Malware Annihilator Posts: 48,004   +271

    Good news then :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Hi;

    I do not know if this is a virus related issue but when I turn on my laptop I still get the same text in a notepad file named "desktop.something" whit the following text:

    [ShellclassInfo]
    LocalizadResourceName=@%SystemRoot%\system32\shell32.dll,-21787
     
  22. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Here it is the first log:

    OTL logfile created on: 2/9/2012 8:17:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DCO-TECH01\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 70.88% Memory free
    2.84 Gb Paging File | 2.48 Gb Available in Paging File | 87.17% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.47 Gb Total Space | 2.19 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
    Drive D: | 45.00 Gb Total Space | 32.11 Gb Free Space | 71.36% Space Free | Partition Type: NTFS

    Computer Name: DCO-D420-01 | User Name: DCO-TECH01 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/02/09 20:15:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DCO-TECH01\Desktop\OTL.exe
    PRC - [2012/02/03 03:04:52 | 000,419,096 | ---- | M] (BitDefender SRL) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
    PRC - [2012/02/03 03:04:47 | 000,782,336 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
    PRC - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2009/04/06 14:12:02 | 001,626,112 | ---- | M] (BitDefender S. R. L.) -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
    PRC - [2009/03/27 15:25:28 | 000,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    PRC - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/05/22 10:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2009/04/13 11:53:26 | 000,233,472 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\ENU\seccenter.ui
    MOD - [2009/04/06 11:41:58 | 000,221,184 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\bdfltlib.dll
    MOD - [2009/03/27 15:25:28 | 000,438,272 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
    MOD - [2009/03/26 11:36:22 | 000,167,936 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\agentreg.dll
    MOD - [2009/02/23 10:44:34 | 000,045,056 | ---- | M] () -- C:\Program Files\BitDefender\BitDefender 2009\actxcont.dll
    MOD - [2009/01/13 11:29:00 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
    MOD - [2008/10/09 16:31:54 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\txmlutil.dll
    MOD - [2008/10/09 16:31:54 | 000,192,512 | ---- | M] () -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\txmlutil.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (SentinelKeysServer)
    SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
    SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
    SRV - File not found [Auto | Stopped] -- -- (KeyServ)
    SRV - File not found [Disabled | Stopped] -- -- (gupdatem) Google Update Service (gupdatem)
    SRV - File not found [Disabled | Stopped] -- -- (gupdate) Google Update Service (gupdate)
    SRV - [2012/02/03 03:04:52 | 000,419,096 | ---- | M] (BitDefender SRL) [Auto | Running] -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe -- (LIVESRV)
    SRV - [2012/02/03 03:04:45 | 000,323,584 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll -- (scan)
    SRV - [2012/01/19 04:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2009/04/06 14:12:02 | 001,626,112 | ---- | M] (BitDefender S. R. L.) [Auto | Running] -- C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- (VSSERV)
    SRV - [2009/01/13 11:28:46 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/10/15 16:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
    SRV - [2007/04/27 07:40:00 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
    SRV - [2006/05/23 06:41:10 | 001,220,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Avaya\MV_Manager\bin\MV_Manager_Service.exe -- (MV_Manager_Svr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2012/02/03 03:04:51 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfm.sys -- (bdfm)
    DRV - [2011/12/16 08:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/09/19 10:40:13 | 000,232,512 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
    DRV - [2009/04/06 16:44:58 | 000,266,376 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bdfsfltr.sys -- (bdfsfltr)
    DRV - [2009/04/03 17:49:38 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos)
    DRV - [2009/01/13 11:27:38 | 000,306,811 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2009/01/12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr)
    DRV - [2008/09/02 14:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos)
    DRV - [2008/08/28 17:17:38 | 000,131,856 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2007/11/14 18:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
    DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2007/01/31 01:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
    DRV - [2007/01/18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/03/24 00:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2005/10/26 09:01:02 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/08/30 16:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm)
    DRV - [2005/08/30 16:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl)
    DRV - [2005/08/30 16:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
    DRV - [2003/07/16 03:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.mx/ig/dell?hl=en&client=dell-row-rel&channel=mx&ibd=3070619
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com.mx/ig/dell?hl=en&client=dell-row-rel&channel=mx&ibd=3070619

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..network.proxy.no_proxies_on: "ipoffice"


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll File not found


    [2010/07/08 23:36:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DCO-TECH01\Application Data\Mozilla\Extensions
    [2011/11/05 11:49:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DCO-TECH01\Application Data\Mozilla\Firefox\Profiles\ccdb0exi.default\extensions
    [2010/07/12 20:57:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DCO-TECH01\Application Data\Mozilla\Firefox\Profiles\ccdb0exi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/01/25 15:18:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/01/10 10:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2012/02/03 15:39:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 12:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/03/18 12:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

    O1 HOSTS File: ([2012/02/08 22:57:35 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (AvayaIEHlprObj Class) - {E6DF0B46-7D6F-407A-A6A2-62D17A021A9A} - C:\Program Files\Avaya\Avaya IP Softphone\AvayaWebDial.dll ()
    O2 - BHO: (no name) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/virtualmark/tc/FMSI.cab (Reg Error: Value error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://cisco.webex.com/client/T27L/event/ieatgpc.cab (GpcContainer Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85DBE165-68E3-4A74-811F-ED32CF47F2D3}: DhcpNameServer = 10.0.0.1 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/02/09 20:15:37 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DCO-TECH01\Desktop\OTL.exe
    [2012/02/09 15:16:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2012/02/07 11:59:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
    [2012/02/04 19:44:16 | 004,396,501 | R--- | C] (Swearware) -- C:\Documents and Settings\DCO-TECH01\Desktop\ComboFix.exe
    [2012/02/04 15:37:09 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Documents and Settings\DCO-TECH01\Desktop\boot_cleaner.exe
    [2012/02/04 14:26:54 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Documents and Settings\DCO-TECH01\Desktop\aswMBR.exe
    [2012/02/04 12:18:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\DCO-TECH01\Desktop\dds.scr
    [2012/02/03 13:25:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2012/02/03 13:25:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
    [2012/02/03 13:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2012/02/03 02:31:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 2009
    [2012/02/03 02:31:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Application Data\BitDefender
    [2012/02/03 02:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
    [2012/02/03 02:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2012/02/03 02:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
    [2012/02/02 23:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/02/01 14:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
    [2012/02/01 14:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
    [2012/02/01 12:16:51 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/01/31 03:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2012/01/31 03:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2012/01/31 03:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2012/01/31 03:32:50 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/30 16:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Desktop\it
    [2012/01/26 11:18:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/01/25 15:54:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DWG Viewer
    [2012/01/25 14:28:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Real
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\PrintMe Internet Printing
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\NetWaiting
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Modem Helper
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Microsoft Silverlight
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Microsoft Office Live Meeting 2007
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Microsoft Office
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\IP Office
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\ImgBurn
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\HP
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Games
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\FileZilla FTP Client
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\EPSON
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\DWG Viewer
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\DivX
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\DAEMON Tools Lite
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Coupons
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Combined Community Codec Pack
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avira
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avaya University
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avaya Solutions
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avaya Reliable Data Transport Tool
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avaya IP Softphone
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Avaya
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Audio Related Programs
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Advanced SystemCare 4
    [2012/01/25 14:28:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\3CDaemon
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\WinSCP
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\WinPcap
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Windows Live
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Viking
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\VideoLAN
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\TFTPSuite95Pro
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Samsung PC Studio 3
    [2012/01/25 14:28:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\RealVNC
    [2012/01/25 01:48:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2012/01/25 01:46:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/01/25 01:46:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/01/25 01:46:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/01/25 01:46:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/01/25 01:46:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2012/01/25 01:37:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/24 11:05:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DCO-TECH01\Recent
    [2012/01/23 20:04:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2012/01/23 18:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2012/01/23 18:22:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2012/01/23 18:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2012/01/18 01:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Desktop\Ip Office R7
    [2012/01/17 01:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\IP Office
    [2012/01/17 01:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
    [2012/01/12 16:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\PCHealth
    [2012/01/11 16:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DCO-TECH01\Desktop\New Folder

    ========== Files - Modified Within 30 Days ==========

    [2012/02/09 20:15:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DCO-TECH01\Desktop\OTL.exe
    [2012/02/09 14:05:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2012/02/08 22:57:35 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/02/08 22:32:05 | 000,452,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/02/08 22:32:05 | 000,076,522 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/02/08 22:28:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/02/08 22:27:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/02/08 22:27:10 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys
    [2012/02/08 14:05:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
    [2012/02/08 00:04:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MBR.dat
    [2012/02/07 19:35:06 | 000,000,055 | ---- | M] () -- C:\WINDOWS\ATTWKTOP.INI
    [2012/02/07 11:59:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
    [2012/02/05 13:18:41 | 000,002,220 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
    [2012/02/04 19:46:52 | 000,000,480 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\Shortcut to ComboFix.lnk
    [2012/02/04 19:44:16 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\DCO-TECH01\Desktop\ComboFix.exe
    [2012/02/04 14:24:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DCO-TECH01\Desktop\aswMBR.exe
    [2012/02/04 12:15:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\DCO-TECH01\Desktop\dds.scr
    [2012/02/03 03:04:51 | 000,146,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
    [2012/02/03 02:34:34 | 000,000,850 | ---- | M] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2012/02/03 02:34:34 | 000,000,385 | ---- | M] () -- C:\WINDOWS\System32\user_gensett.xml
    [2012/02/02 16:45:28 | 000,192,541 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\census.cache
    [2012/02/02 16:45:09 | 000,175,270 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\ars.cache
    [2012/02/02 16:24:08 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\housecall.guid.cache
    [2012/02/02 10:36:26 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2012/02/02 10:36:26 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2012/02/02 09:39:49 | 000,396,850 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MARSH CD JUAREZ.pdf
    [2012/02/01 14:11:02 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
    [2012/02/01 14:06:54 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNUnInstall.MIF
    [2012/01/31 11:49:29 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/01/31 03:33:09 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/30 17:53:12 | 000,025,510 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MXCHH21MARSHPBX2.cfg
    [2012/01/30 17:51:25 | 000,024,901 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MXCHH21MARSHPBX.cfg
    [2012/01/30 17:36:08 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\PUTTY.RND
    [2012/01/30 16:35:02 | 015,311,903 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\g430_sw_31_20_1.bin
    [2012/01/30 15:01:54 | 000,013,091 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\PREDIAL MOM.htm
    [2012/01/30 12:47:54 | 012,780,091 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\g430_sw_30_12_1.bin
    [2012/01/27 19:12:35 | 001,562,174 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\COMPROBACION LAREDO.pdf
    [2012/01/26 01:35:19 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/01/26 01:26:28 | 000,329,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/25 12:31:33 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ASA.exe.lnk
    [2012/01/25 11:43:10 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/01/25 06:08:06 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OUTLOOK.EXE.lnk
    [2012/01/25 01:48:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2012/01/23 18:18:41 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/23 13:49:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/01/20 15:21:11 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\address.ser

    ========== Files Created - No Company Name ==========

    [2012/02/07 11:59:55 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
    [2012/02/04 19:46:52 | 000,000,480 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\Shortcut to ComboFix.lnk
    [2012/02/04 15:35:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MBR.dat
    [2012/02/04 12:09:12 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\gmer.exe
    [2012/02/03 03:23:52 | 000,002,220 | ---- | C] () -- C:\WINDOWS\System32\BDUpdateV1.xml
    [2012/02/03 02:34:34 | 000,000,850 | ---- | C] () -- C:\WINDOWS\System32\ProductTweaks.xml
    [2012/02/03 02:34:34 | 000,000,385 | ---- | C] () -- C:\WINDOWS\System32\user_gensett.xml
    [2012/02/02 16:45:28 | 000,192,541 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\census.cache
    [2012/02/02 16:45:09 | 000,175,270 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\ars.cache
    [2012/02/02 16:24:08 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\housecall.guid.cache
    [2012/02/02 09:39:45 | 000,396,850 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MARSH CD JUAREZ.pdf
    [2012/02/01 12:18:05 | 1600,249,856 | -HS- | C] () -- C:\hiberfil.sys
    [2012/01/31 03:33:09 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
    [2012/01/30 17:53:12 | 000,025,510 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MXCHH21MARSHPBX2.cfg
    [2012/01/30 17:43:20 | 000,024,901 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\MXCHH21MARSHPBX.cfg
    [2012/01/30 16:57:10 | 014,879,965 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\640-801(New).pdf
    [2012/01/30 16:33:43 | 015,311,903 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\g430_sw_31_20_1.bin
    [2012/01/30 15:01:54 | 000,013,091 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\PREDIAL MOM.htm
    [2012/01/30 12:47:54 | 012,780,091 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\g430_sw_30_12_1.bin
    [2012/01/27 19:12:32 | 001,562,174 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Desktop\COMPROBACION LAREDO.pdf
    [2012/01/26 01:35:19 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2012/01/25 15:48:36 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Shortcut to wireshark.exe.lnk
    [2012/01/25 15:20:49 | 000,000,651 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\VLC.lnk
    [2012/01/25 15:14:37 | 000,000,615 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Shortcut to msmsgs.exe.lnk
    [2012/01/25 15:08:21 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\Shortcut to iexplore.exe.lnk
    [2012/01/25 14:28:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Start Menu\Programs\WavePad Sound Editor.lnk
    [2012/01/25 14:05:41 | 000,000,172 | ---- | C] () -- C:\WINDOWS\uninstall.bat
    [2012/01/25 14:05:23 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\wavepadShakeIcon.job
    [2012/01/25 14:05:22 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\wavepadDowngrade.job
    [2012/01/25 12:31:33 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to ASA.exe.lnk
    [2012/01/25 11:43:10 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/01/25 06:08:06 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to OUTLOOK.EXE.lnk
    [2012/01/25 01:48:09 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2012/01/25 01:48:05 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2012/01/25 01:46:31 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/01/25 01:46:31 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/01/25 01:46:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/01/25 01:46:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/01/25 01:46:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/01/24 16:04:58 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/10 09:16:05 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\keyfile3.drm
    [2011/10/05 15:06:08 | 000,068,221 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\WavePad.dmp
    [2011/01/17 17:55:06 | 000,000,055 | ---- | C] () -- C:\WINDOWS\ATTWKTOP.INI
    [2010/07/11 13:22:06 | 000,121,304 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
    [2010/07/11 13:22:06 | 000,002,885 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
    [2010/07/08 23:36:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/07/01 17:21:06 | 001,217,600 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
    [2010/06/01 09:45:27 | 000,000,216 | ---- | C] () -- C:\WINDOWS\WOMBAT.INI
    [2010/03/10 17:26:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
    [2009/12/16 11:13:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\PUTTY.RND
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/03/10 11:29:56 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Application Data\winscp.rnd
    [2009/01/13 11:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2009/01/13 11:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/12/18 17:01:50 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Lexstat.ini
    [2008/12/18 17:00:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
    [2008/12/18 17:00:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
    [2008/12/18 17:00:43 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
    [2008/12/18 17:00:43 | 000,039,899 | ---- | C] () -- C:\WINDOWS\System32\rtsicis.ini
    [2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/10/08 10:51:26 | 000,157,629 | ---- | C] () -- C:\WINDOWS\hpoins28.dat.temp
    [2008/10/08 10:51:25 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat.temp
    [2008/10/08 10:30:48 | 000,157,047 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
    [2008/10/08 10:30:48 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
    [2008/08/02 22:43:27 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
    [2008/07/06 12:34:30 | 003,113,952 | ---- | C] () -- C:\WINDOWS\tn799dp-h0-f24-sig.bin
    [2008/07/06 12:31:57 | 003,113,952 | ---- | C] () -- C:\WINDOWS\System32\tn799dp-h0-f24-sig.bin
    [2007/11/05 13:50:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\uninstpw.exe
    [2007/11/05 08:52:44 | 000,074,752 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
    [2007/08/12 22:34:35 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2007/08/10 03:39:10 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2007/08/01 19:39:13 | 000,038,912 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/07/03 19:17:50 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\DCO-TECH01\Local Settings\Application Data\fusioncache.dat
    [2007/07/01 00:31:59 | 000,000,603 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2007/06/19 19:16:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2007/06/19 18:40:55 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
    [2007/06/19 18:38:57 | 000,001,195 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2007/01/31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll
    [2006/09/08 06:30:44 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
    [2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/11 15:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2004/08/11 15:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2004/08/11 15:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2004/08/11 15:06:43 | 000,329,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2004/08/11 15:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/11 15:00:28 | 000,452,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/11 15:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/11 15:00:28 | 000,076,522 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/11 15:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/11 15:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/11 15:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2004/08/11 15:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2004/08/11 15:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/11 15:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/11 15:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/11 15:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/30 06:04:00 | 000,618,496 | ---- | C] () -- C:\WINDOWS\System32\stlpmt45.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

    ========== LOP Check ==========

    [2009/02/11 20:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/04/17 10:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2012/02/03 02:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BitDefender
    [2011/08/30 08:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2011/09/19 10:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/08/25 10:41:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\magicJack
    [2007/08/06 08:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2011/08/01 01:27:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2012/02/03 13:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/03/10 16:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2008/09/01 14:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2011/10/05 14:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viking
    [2007/06/19 19:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
    [2011/10/05 23:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\Audacity
    [2012/01/25 14:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\Avaya
    [2009/03/13 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\Avaya_GA_backup
    [2012/02/03 02:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\BitDefender
    [2011/09/19 10:42:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\DAEMON Tools Lite
    [2009/10/18 10:44:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\DMCache
    [2012/01/30 16:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\FileZilla
    [2011/09/07 00:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\FutureDial
    [2011/09/19 09:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\ImgBurn
    [2012/02/02 23:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\IObit
    [2012/01/20 18:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\mjusbsp
    [2011/08/01 01:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\NCH Swift Sound
    [2011/02/03 13:49:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\SAMSUNG
    [2011/12/28 20:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\TeamViewer
    [2007/08/14 15:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\Wave Systems Corp
    [2012/01/11 23:38:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\webex
    [2010/08/30 16:47:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DCO-TECH01\Application Data\Wireshark
    [2012/02/08 14:05:00 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadDowngrade.job
    [2012/02/09 14:05:01 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job
     
  23. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2011/08/01 14:07:39 | 000,026,674 | ---- | M] () -- C:\ captura conanp.txt
    [2010/01/19 11:26:12 | 000,141,806 | ---- | M] () -- C:\3550MX07.txt
    [2010/01/22 09:24:27 | 000,276,923 | ---- | M] () -- C:\3550OutputInterpreter.txt
    [2011/07/26 12:18:54 | 000,300,996 | ---- | M] () -- C:\4 comandos DELOITTE.txt
    [2010/10/06 14:02:59 | 000,035,833 | ---- | M] () -- C:\4 Comandos IACNA Hillo.txt
    [2008/10/24 16:25:08 | 000,018,768 | ---- | M] () -- C:\4006 MX07.txt
    [2009/11/02 11:51:44 | 000,018,729 | ---- | M] () -- C:\4comandosMX34.txt
    [2010/04/07 18:47:12 | 000,026,861 | ---- | M] () -- C:\7 ABRIL 2010 ARCA.txt
    [2008/07/02 11:57:20 | 000,009,183 | ---- | M] () -- C:\7_2_2008_MX07_LCA.txt
    [2010/08/11 09:00:01 | 000,012,872 | ---- | M] () -- C:\ADEMCO 11 08 10.txt
    [2009/11/24 15:48:10 | 000,009,455 | ---- | M] () -- C:\aeromexico-vectores.txt
    [2010/01/27 11:05:29 | 000,170,854 | ---- | M] () -- C:\aeromty.txt
    [2008/08/14 16:21:29 | 000,151,584 | ---- | M] () -- C:\AIG CM5 INSTALL.txt
    [2010/07/29 11:42:10 | 000,094,242 | ---- | M] () -- C:\AIG Mante Julio 2010.txt
    [2011/01/18 12:19:49 | 007,674,651 | ---- | M] () -- C:\AIG MTTO ENERO 2010.txt
    [2011/01/18 12:43:45 | 000,033,160 | ---- | M] () -- C:\aig ultima captura.txt
    [2008/04/09 17:45:20 | 000,010,194 | ---- | M] () -- C:\american.txt
    [2009/04/02 11:32:20 | 000,128,560 | ---- | M] () -- C:\ani.txt
    [2008/08/04 14:29:26 | 000,033,656 | ---- | M] () -- C:\APCMX16
    [2010/02/20 18:29:24 | 000,020,996 | ---- | M] () -- C:\arca 2010.txt
    [2009/06/27 23:30:55 | 000,094,949 | ---- | M] () -- C:\ARCA LIST REGISTERED.txt
    [2008/11/21 15:37:13 | 000,196,452 | ---- | M] () -- C:\ARCA08.txt
    [2009/08/17 11:52:12 | 000,311,481 | ---- | M] () -- C:\ArcaChih.txt
    [2009/01/15 15:54:27 | 000,038,263 | ---- | M] () -- C:\arcamantojuarez09.txt
    [2008/04/15 20:50:54 | 000,135,841 | ---- | M] () -- C:\arca_main_server.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2011/05/26 13:44:15 | 000,025,030 | ---- | M] () -- C:\BARD_JRZ_IDF1_2960A.txt
    [2011/05/26 13:45:43 | 000,026,337 | ---- | M] () -- C:\BARD_JRZ_IDF1_2960B.txt
    [2011/05/26 13:48:55 | 000,026,123 | ---- | M] () -- C:\BARD_JRZ_IDF2_2960A.txt
    [2011/05/26 13:47:49 | 000,024,919 | ---- | M] () -- C:\BARD_JRZ_IDF2_2960B.txt
    [2011/05/26 13:42:56 | 000,055,185 | ---- | M] () -- C:\BARD_JRZ_MDF_3750STK.txt
    [2008/12/09 15:27:17 | 000,055,615 | ---- | M] () -- C:\bbva renacimiento.txt
    [2010/11/02 14:14:27 | 000,002,762 | ---- | M] () -- C:\BELDEN.TXT
    [2011/07/10 14:18:59 | 000,087,688 | ---- | M] () -- C:\bimbo chihuahua.txt
    [2011/08/13 12:14:20 | 000,000,136 | ---- | M] () -- C:\BIMBO DATOS.txt
    [2008/05/23 08:34:41 | 000,036,349 | ---- | M] () -- C:\bimbo-chihuahua.txt
    [2011/08/13 12:14:26 | 000,208,976 | ---- | M] () -- C:\bimbo.txt
    [2012/01/23 13:49:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2012/01/25 01:48:09 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/03/23 10:36:07 | 000,205,560 | ---- | M] () -- C:\bristol antes de quitarlo.txt
    [2009/11/16 11:51:34 | 000,261,246 | ---- | M] () -- C:\bristol Para Delicias.txt
    [2011/07/08 11:33:20 | 000,222,205 | ---- | M] () -- C:\CAPTURA BARD reynosa.txt
    [2011/08/01 13:39:02 | 000,022,630 | ---- | M] () -- C:\captura conamp.txt
    [2011/05/30 15:01:04 | 000,040,227 | ---- | M] () -- C:\captura DAVOL CISCO ip+pc.txt
    [2009/10/11 10:34:56 | 000,007,795 | ---- | M] () -- C:\captura llamadasmx60.txt
    [2011/05/25 10:22:40 | 000,018,641 | ---- | M] () -- C:\captura MF.txt
    [2009/10/20 11:45:58 | 000,028,509 | ---- | M] () -- C:\capturaMX34.txt
    [2008/05/06 18:09:12 | 000,011,728 | ---- | M] () -- C:\capturaoxxo.txt
    [2009/02/12 17:10:38 | 000,035,365 | ---- | M] () -- C:\capturaParaLicenciaMX07.txt
    [2008/06/18 10:50:56 | 000,010,564 | ---- | M] () -- C:\cdr_honeywell_mx07.txt
    [2010/12/03 10:26:12 | 000,034,478 | ---- | M] () -- C:\CERVECERIA ISDN.txt
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/02/03 13:48:20 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
    [2011/04/11 15:27:46 | 000,197,306 | ---- | M] () -- C:\COCA COLA CAPTURE.txt
    [2011/04/11 12:10:37 | 000,240,076 | ---- | M] () -- C:\coca cola Media Gateways.txt
    [2011/01/08 12:14:39 | 000,008,905 | ---- | M] () -- C:\cocacola 1 08 2011.txt
    [2012/02/08 23:01:34 | 000,017,388 | ---- | M] () -- C:\ComboFix.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/04/12 16:07:33 | 000,083,496 | ---- | M] () -- C:\DAVOL 04 12 2010.txt
    [2010/08/16 08:44:53 | 000,031,682 | ---- | M] () -- C:\davol 16 Agosto 2010.txt
    [2010/10/06 13:28:48 | 000,039,035 | ---- | M] () -- C:\DAVOL 4 COMAND.txt
    [2009/05/27 15:29:30 | 000,034,095 | ---- | M] () -- C:\DAVOL.CONFIGURACION FLASH CARD.txt
    [2008/02/27 15:38:04 | 000,059,825 | ---- | M] () -- C:\davol_4comandos.txt
    [2008/04/28 16:01:21 | 000,064,234 | ---- | M] () -- C:\davol_ia770.txt
    [2007/09/03 10:51:37 | 004,194,304 | ---- | M] () -- C:\DbgOut.txt
    [2007/09/15 15:16:14 | 000,000,000 | ---- | M] () -- C:\DBS.TXT
    [2007/06/19 18:41:18 | 000,005,481 | R--- | M] () -- C:\dell.sdr
    [2011/07/26 15:38:04 | 000,109,048 | ---- | M] () -- C:\deloit ext 7469.txt
    [2011/07/25 15:25:28 | 000,498,181 | ---- | M] () -- C:\DELOIT R2.txt
    [2007/08/02 12:14:22 | 000,043,445 | ---- | M] () -- C:\disp tru 14 AIG.txt
    [2010/06/10 10:29:22 | 000,128,031 | ---- | M] () -- C:\ESNA Corrugados.txt
    [2010/06/10 12:31:34 | 000,217,723 | ---- | M] () -- C:\ESNA PRUEba.txt
    [2010/07/20 10:21:06 | 000,034,325 | ---- | M] () -- C:\faurecia 4 comandos.txt
    [2010/10/15 13:01:36 | 000,006,977 | ---- | M] () -- C:\FAURECIA.txt
    [2009/02/18 13:53:22 | 000,000,214 | ---- | M] () -- C:\ferromex PKI.txt
    [2009/03/11 13:07:42 | 000,339,143 | ---- | M] () -- C:\ferromex respaldo.txt
    [2009/03/11 13:19:12 | 000,016,105 | ---- | M] () -- C:\ferromex route pattern.txt
    [2012/02/08 22:27:10 | 1600,249,856 | -HS- | M] () -- C:\hiberfil.sys
    [2008/08/01 20:29:00 | 000,129,659 | ---- | M] () -- C:\Honeywell monterrey.txt
    [2008/10/31 14:11:08 | 000,029,558 | ---- | M] () -- C:\honeywelllogin.txt
    [2008/10/31 14:39:46 | 000,015,954 | ---- | M] () -- C:\honeywelllogin2.txt
    [2009/05/11 11:49:34 | 000,085,439 | ---- | M] () -- C:\HoneywellMTRY.txt
    [2008/02/27 13:59:19 | 000,066,776 | ---- | M] () -- C:\Honeywell_opto_4_comandos.txt
    [2008/05/01 14:00:35 | 000,061,263 | ---- | M] () -- C:\hospital_muguerza.txt
    [2008/03/27 15:01:34 | 000,167,407 | ---- | M] () -- C:\Hotel_sicomoro_chihuahua.txt
    [2007/07/01 00:11:52 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
    [2010/03/03 14:40:58 | 000,089,805 | ---- | M] () -- C:\info Honeywel cd Juarez.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\IO.SYS
    [2008/07/09 16:38:00 | 005,856,501 | ---- | M] () -- C:\ip500.bin
    [2011/01/31 10:53:09 | 000,029,083 | ---- | M] () -- C:\LEONI IP TRU AVAYA VS CALL MANAGER.txt
    [2010/12/02 13:58:19 | 000,036,317 | ---- | M] () -- C:\leoni isdn trunkgroup.txt
    [2010/12/02 13:56:29 | 000,030,913 | ---- | M] () -- C:\leoni isdn.txt
    [2010/06/09 22:59:06 | 000,071,540 | ---- | M] () -- C:\LEONI WIRING PUERTOS.txt
    [2010/06/10 15:58:02 | 000,010,616 | ---- | M] () -- C:\LEONI WIRING.txt
    [2008/03/24 11:45:28 | 000,009,183 | ---- | M] () -- C:\list conf all Honeywell MX7.txt
    [2009/02/17 19:33:59 | 000,062,410 | ---- | M] () -- C:\list conf all mx07 09.txt
    [2008/03/27 00:16:30 | 000,009,183 | ---- | M] () -- C:\list conf all MX7.txt
    [2008/03/06 11:35:57 | 000,029,698 | ---- | M] () -- C:\list st home depot 8711.txt
    [2007/08/02 12:04:56 | 000,153,374 | ---- | M] () -- C:\list trace st 3300 AIG.txt
    [2011/04/05 15:35:38 | 000,011,104 | ---- | M] () -- C:\list trace st coca cola tarde sen mex.txt
    [2009/10/11 10:51:01 | 000,041,794 | ---- | M] () -- C:\llamadas de prueba MX60.txt
    [2008/10/01 13:27:05 | 000,000,483 | ---- | M] () -- C:\LOG2E0.log
    [2008/10/01 13:48:46 | 000,000,483 | ---- | M] () -- C:\LOG2E2.log
    [2009/10/31 15:20:28 | 000,024,337 | ---- | M] () -- C:\MantenimientoMayorMx34.txt
    [2010/05/05 10:44:18 | 000,004,051 | ---- | M] () -- C:\mc.txt
    [2010/12/06 21:04:45 | 002,715,409 | ---- | M] () -- C:\MDF1 MX03.txt
    [2008/11/22 23:16:48 | 000,002,474 | ---- | M] () -- C:\memoria.txt
    [2009/02/10 17:15:29 | 000,230,355 | ---- | M] () -- C:\memoriatecnicaMX07.txt
    [2009/01/16 16:02:26 | 000,049,506 | ---- | M] () -- C:\migracionTDMMX07.txt
    [2010/07/07 10:13:52 | 000,012,327 | ---- | M] () -- C:\MOLEX COR 07 07 10.txt
    [2010/06/15 06:56:56 | 001,129,838 | ---- | M] () -- C:\molex main server.txt
    [2010/07/21 18:08:18 | 000,300,535 | ---- | M] () -- C:\molex memoria tecnica.txt
    [2010/08/19 09:09:42 | 000,006,404 | ---- | M] () -- C:\MOLEX PROBLEMA.txt
    [2010/06/02 16:12:33 | 000,131,591 | ---- | M] () -- C:\MOLEX.txt
    [2009/06/05 16:42:06 | 000,042,554 | ---- | M] () -- C:\monterrey para memoria tecnica.txt
    [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\MSDOS.SYS
    [2011/04/20 10:14:51 | 000,082,357 | ---- | M] () -- C:\MWI corrugados 20 abril 2011.txt
    [2011/01/11 09:52:11 | 000,401,742 | ---- | M] () -- C:\MX01 switch IDF 1.txt
    [2011/01/11 09:55:53 | 000,251,841 | ---- | M] () -- C:\MX01 switch IDF 2.txt
    [2011/01/11 09:48:45 | 004,214,521 | ---- | M] () -- C:\MX01 switch MDF 4510.txt
    [2011/11/13 23:31:08 | 000,257,551 | ---- | M] () -- C:\mx03 13 nov dids despues de reinicio.txt
    [2011/11/13 20:24:01 | 000,025,305 | ---- | M] () -- C:\mx03 13 nov dids.txt
    [2011/10/09 11:07:05 | 000,188,822 | ---- | M] () -- C:\MX03 voice gateway antes.txt
    [2011/10/18 14:31:36 | 000,018,855 | ---- | M] () -- C:\mx03 Voice gateway show diag.txt
    [2010/09/10 18:05:11 | 000,045,725 | ---- | M] () -- C:\MX07 4 Comandos.txt
    [2009/01/23 22:44:43 | 000,073,065 | ---- | M] () -- C:\MX07 ANTES DEL CAMBIO.TXT
    [2010/06/02 08:31:52 | 000,060,810 | ---- | M] () -- C:\Mx07 LIST REG.txt
    [2011/01/11 10:00:52 | 000,205,333 | ---- | M] () -- C:\MX16 switch IDF1 FL5 SWA.txt
    [2011/01/11 10:09:40 | 000,063,271 | ---- | M] () -- C:\MX16 switch IDF1 FL5 SWB.txt
    [2011/01/11 10:18:32 | 000,376,572 | ---- | M] () -- C:\MX16 switch IDF2 FL1 .txt
    [2011/01/11 10:13:13 | 001,054,857 | ---- | M] () -- C:\MX16 switch MDF FL5 .txt
    [2011/06/21 01:37:44 | 000,116,402 | ---- | M] () -- C:\mx29.txt
    [2011/08/25 11:46:20 | 000,006,559 | ---- | M] () -- C:\MX34 A D L.txt
    [2010/03/04 08:35:34 | 000,043,824 | ---- | M] () -- C:\Mx34 Comandos.txt
    [2011/05/19 23:14:42 | 000,128,660 | ---- | M] () -- C:\MX34 Instalacion de lic.txt
    [2010/11/23 11:30:45 | 000,070,779 | ---- | M] () -- C:\MX34.txt
    [2010/05/22 01:03:41 | 000,005,462 | ---- | M] () -- C:\mx60 list conf all.txt
    [2010/05/21 12:49:52 | 000,031,226 | ---- | M] () -- C:\MX60 LIST REG.txt
    [2008/10/05 16:39:14 | 000,000,000 | ---- | M] () -- C:\mx60_5deOctubre.txt
    [2011/01/11 09:35:30 | 001,568,551 | ---- | M] () -- C:\MX89 switch MDF1.txt
    [2011/01/11 09:30:38 | 000,232,007 | ---- | M] () -- C:\MX89 switch MDF2.txt
    [2011/08/08 10:23:28 | 000,035,345 | ---- | M] () -- C:\NORTEL SWITCH.txt
    [2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/07/21 18:44:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2008/08/06 16:08:08 | 000,001,976 | ---- | M] () -- C:\OCTELMX07.TXT
    [2009/03/09 11:33:03 | 000,038,567 | ---- | M] () -- C:\oxxo cd juarez g450.txt
    [2008/03/28 11:05:04 | 000,018,382 | ---- | M] () -- C:\oxxo disp capacity.txt
    [2008/05/06 17:29:45 | 000,020,203 | ---- | M] () -- C:\oxxo0001.txt
    [2008/05/06 17:44:42 | 000,042,798 | ---- | M] () -- C:\oxxo30000.txt
    [2008/05/06 17:21:07 | 000,166,084 | ---- | M] () -- C:\oxxo_cd_juarez.txt
    [2010/07/30 10:44:07 | 000,060,056 | ---- | M] () -- C:\P WC julio 2010.txt
    [2012/02/08 22:27:04 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/11 09:05:30 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2011/03/29 10:27:33 | 000,044,873 | ---- | M] () -- C:\ping coca cola 11 15 am.txt
    [2010/08/30 15:35:47 | 000,006,627 | ---- | M] () -- C:\PRUEBA PARA LEONI.txt
    [2009/02/19 12:00:23 | 000,064,982 | ---- | M] () -- C:\pwc.txt
    [2009/02/19 11:02:51 | 000,153,905 | ---- | M] () -- C:\PWC19FEB09.txt
    [2009/07/23 12:00:04 | 000,064,272 | ---- | M] () -- C:\pwc23 de julio del 2009.txt
    [2012/02/01 09:37:39 | 000,000,418 | ---- | M] () -- C:\rkill.log
    [2009/01/20 08:42:27 | 000,074,148 | ---- | M] () -- C:\SANBORNMISIONES.txt
    [2010/03/10 08:41:14 | 000,108,801 | ---- | M] () -- C:\sanborns ermanos cd juarez misiones.txt
    [2008/10/16 10:26:28 | 000,131,268 | ---- | M] () -- C:\santander.txt
    [2008/06/03 08:28:33 | 000,035,781 | ---- | M] () -- C:\sensus4comandos.txt
    [2008/03/31 09:14:05 | 000,070,059 | ---- | M] () -- C:\sensus_config.txt
    [2011/05/23 12:42:35 | 002,243,194 | ---- | M] () -- C:\show tech 3750 DAVOL.txt
    [2010/07/02 12:59:01 | 000,024,392 | ---- | M] () -- C:\sigma alimentos.txt
    [2009/03/02 15:33:52 | 000,000,232 | ---- | M] () -- C:\sqmdata00.sqm
    [2009/03/02 15:48:34 | 000,000,232 | ---- | M] () -- C:\sqmdata01.sqm
    [2009/04/15 10:35:28 | 000,000,232 | ---- | M] () -- C:\sqmdata02.sqm
    [2009/04/15 10:53:43 | 000,000,232 | ---- | M] () -- C:\sqmdata03.sqm
    [2009/04/15 10:55:54 | 000,000,232 | ---- | M] () -- C:\sqmdata04.sqm
    [2009/04/15 10:56:16 | 000,000,232 | ---- | M] () -- C:\sqmdata05.sqm
    [2009/07/06 20:57:59 | 000,000,232 | ---- | M] () -- C:\sqmdata06.sqm
    [2009/07/24 21:04:54 | 000,000,232 | ---- | M] () -- C:\sqmdata07.sqm
    [2009/07/26 01:49:38 | 000,000,232 | ---- | M] () -- C:\sqmdata08.sqm
    [2009/08/29 20:58:50 | 000,000,232 | ---- | M] () -- C:\sqmdata09.sqm
    [2009/09/03 22:02:50 | 000,000,232 | ---- | M] () -- C:\sqmdata10.sqm
    [2008/06/04 10:53:37 | 000,000,232 | ---- | M] () -- C:\sqmdata11.sqm
    [2008/06/04 10:56:10 | 000,000,232 | ---- | M] () -- C:\sqmdata12.sqm
    [2008/10/08 21:10:38 | 000,000,232 | ---- | M] () -- C:\sqmdata13.sqm
    [2008/12/17 11:35:18 | 000,000,232 | ---- | M] () -- C:\sqmdata14.sqm
    [2008/12/18 13:08:01 | 000,000,232 | ---- | M] () -- C:\sqmdata15.sqm
    [2008/12/30 16:34:58 | 000,000,232 | ---- | M] () -- C:\sqmdata16.sqm
    [2009/01/17 00:17:59 | 000,000,232 | ---- | M] () -- C:\sqmdata17.sqm
    [2009/03/02 15:30:41 | 000,000,232 | ---- | M] () -- C:\sqmdata18.sqm
    [2009/03/02 15:33:06 | 000,000,232 | ---- | M] () -- C:\sqmdata19.sqm
    [2009/03/02 15:33:52 | 000,000,244 | ---- | M] () -- C:\sqmnoopt00.sqm
    [2009/03/02 15:48:34 | 000,000,244 | ---- | M] () -- C:\sqmnoopt01.sqm
    [2009/04/15 10:35:27 | 000,000,244 | ---- | M] () -- C:\sqmnoopt02.sqm
    [2009/04/15 10:53:43 | 000,000,244 | ---- | M] () -- C:\sqmnoopt03.sqm
    [2009/04/15 10:55:54 | 000,000,244 | ---- | M] () -- C:\sqmnoopt04.sqm
    [2009/04/15 10:56:16 | 000,000,244 | ---- | M] () -- C:\sqmnoopt05.sqm
    [2009/07/06 20:57:59 | 000,000,244 | ---- | M] () -- C:\sqmnoopt06.sqm
    [2009/07/24 21:04:54 | 000,000,244 | ---- | M] () -- C:\sqmnoopt07.sqm
    [2009/07/26 01:49:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt08.sqm
    [2009/08/29 20:58:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt09.sqm
    [2009/09/03 22:02:50 | 000,000,244 | ---- | M] () -- C:\sqmnoopt10.sqm
    [2008/06/04 10:53:36 | 000,000,244 | ---- | M] () -- C:\sqmnoopt11.sqm
    [2008/06/04 10:56:10 | 000,000,244 | ---- | M] () -- C:\sqmnoopt12.sqm
    [2008/10/08 21:10:38 | 000,000,244 | ---- | M] () -- C:\sqmnoopt13.sqm
    [2008/12/17 11:35:18 | 000,000,244 | ---- | M] () -- C:\sqmnoopt14.sqm
    [2008/12/18 13:08:01 | 000,000,244 | ---- | M] () -- C:\sqmnoopt15.sqm
    [2008/12/30 16:34:58 | 000,000,244 | ---- | M] () -- C:\sqmnoopt16.sqm
    [2009/01/17 00:17:59 | 000,000,244 | ---- | M] () -- C:\sqmnoopt17.sqm
    [2009/03/02 15:30:40 | 000,000,244 | ---- | M] () -- C:\sqmnoopt18.sqm
    [2009/03/02 15:33:06 | 000,000,244 | ---- | M] () -- C:\sqmnoopt19.sqm
    [2009/11/24 01:27:27 | 000,004,923 | ---- | M] () -- C:\ssid camino real.txt
    [2011/01/11 10:25:33 | 000,626,624 | ---- | M] () -- C:\SWITCH HONEYWELL.zip
    [2009/03/27 13:48:36 | 000,001,647 | ---- | M] () -- C:\System CDR
    [2012/02/02 23:09:33 | 000,068,396 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_02.02.2012_23.09.06_log.txt
    [2012/01/24 15:39:15 | 000,054,654 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_24.01.2012_15.35.40_log.txt
    [2012/01/24 15:48:56 | 000,070,258 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_24.01.2012_15.43.51_log.txt
    [2012/01/24 15:56:36 | 000,136,612 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_24.01.2012_15.53.49_log.txt
    [2012/01/31 12:10:24 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.7.0_31.01.2012_12.10.11_log.txt
    [2012/02/01 09:33:49 | 000,000,346 | ---- | M] () -- C:\TDSSKiller.2.7.8.0_01.02.2012_09.33.43_log.txt
    [2012/01/31 12:14:09 | 000,070,770 | ---- | M] () -- C:\TDSSKiller.2.7.8.0_31.01.2012_12.11.22_log.txt
    [2012/02/01 09:36:03 | 000,070,816 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_01.02.2012_09.35.20_log.txt
    [2012/02/01 12:16:59 | 000,076,596 | ---- | M] () -- C:\TDSSKiller.2.7.9.0_01.02.2012_12.10.55_log.txt
    [2011/10/24 04:53:45 | 000,044,383 | ---- | M] () -- C:\teledinamica home depot 8711 despues.txt
    [2000/07/31 10:45:22 | 000,039,574 | ---- | M] () -- C:\Tm_data.c
    [2007/06/13 12:39:00 | 000,368,374 | ---- | M] () -- C:\tn2464bp_f19-2-sig.bin
    [2008/08/03 08:28:00 | 000,481,240 | ---- | M] () -- C:\tn2464cp-h13-f22-sig.bin
    [2007/06/21 23:46:48 | 003,113,952 | ---- | M] () -- C:\tn799dp-h0-f24-sig.bin
    [2008/07/21 12:04:43 | 001,316,806 | ---- | M] () -- C:\tn799dp-h0-f26-sig.bin
    [2007/06/21 23:47:37 | 003,558,512 | ---- | M] () -- C:\tn799dp-h13-f24-sig.bin
    [2008/07/21 12:04:43 | 004,097,860 | ---- | M] () -- C:\tn799dp-h13-f26-sig.bin
    [2010/09/30 13:54:23 | 000,051,801 | ---- | M] () -- C:\torre medica cima.txt
    [2011/04/13 11:18:39 | 000,062,144 | ---- | M] () -- C:\trafico llamada mochis.txt
    [2011/04/05 08:31:40 | 000,016,571 | ---- | M] () -- C:\trazado extension 1921 Sen Mexico.txt
    [2010/05/18 13:36:13 | 000,271,756 | ---- | M] () -- C:\TTI Mx34.txt
    [2009/02/03 16:53:34 | 000,050,680 | ---- | M] () -- C:\type4610.txt
    [2011/05/16 19:05:31 | 000,068,217 | ---- | M] () -- C:\ultimocambio DAVOL.txt
    [2009/04/09 08:15:29 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
    [2011/06/08 15:09:39 | 000,004,714 | ---- | M] () -- C:\voice gateway Mx03.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/08/11 15:14:22 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/28 12:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2007/12/17 17:05:32 | 000,278,016 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5mu.dll
    [2011/02/05 13:25:34 | 000,082,184 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >
    [2007/05/20 16:55:02 | 000,082,007 | ---- | M] () -- C:\WINDOWS\Corp_NB_1280x864_01.jpg

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/04/18 08:38:53 | 000,001,538 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/08/11 15:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2004/08/11 15:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2004/08/11 15:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

    < %PROGRAMFILES%\bak. /s >
    [2009/03/13 17:36:52 | 000,000,000 | ---D | M] -- C:\Program Files\Avaya\JRE\1.5.0_11\lib\security\bak

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/01/23 18:18:41 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2012/01/23 18:18:41 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2012/02/04 14:24:20 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Documents and Settings\DCO-TECH01\Desktop\aswMBR.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Documents and Settings\DCO-TECH01\Desktop\boot_cleaner.exe
    [2012/02/04 19:44:16 | 004,396,501 | R--- | M] (Swearware) -- C:\Documents and Settings\DCO-TECH01\Desktop\ComboFix.exe
    [2011/07/16 22:21:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Desktop\gmer.exe
    [2012/02/09 20:15:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DCO-TECH01\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2007/08/23 16:39:22 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\launchLicense.exe

    < %systemroot%\ADDINS\*.* >
    [2004/08/04 03:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/01/23 18:18:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\DCO-TECH01\Favorites\Desktop.ini
    [2012/01/25 14:04:56 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Favorites\NCH Software Download Site.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/11/18 08:20:45 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2007/07/03 19:42:40 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Cookies\desktop.ini
    [2012/02/09 18:22:03 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\DCO-TECH01\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/03 23:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/03 23:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/03 23:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/03 23:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/03 23:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/03 23:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/03 23:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  24. Chazer001

    Chazer001 TS Rookie Topic Starter Posts: 26

    Here it is the second log:

    OTL Extras logfile created on: 2/9/2012 8:17:26 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\DCO-TECH01\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 70.88% Memory free
    2.84 Gb Paging File | 2.48 Gb Available in Paging File | 87.17% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.47 Gb Total Space | 2.19 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
    Drive D: | 45.00 Gb Total Space | 32.11 Gb Free Space | 71.36% Space Free | Partition Type: NTFS

    Computer Name: DCO-D420-01 | User Name: DCO-TECH01 | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\WinPcap\rpcapd.exe" = C:\Program Files\WinPcap\rpcapd.exe:*:Enabled:Remote Packet Capture Daemon -- (CACE Technologies, Inc.)
    "C:\Program Files\Walusoft\TFTPSuite\TFTPServer32.exe" = C:\Program Files\Walusoft\TFTPSuite\TFTPServer32.exe:*:Enabled:TFTPSERVER2000 for Win95/NT/2000 -- (Walusoft (http://www.walusoft.co.uk/))
    "C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe" = C:\Program Files\Avaya\Avaya IP Softphone\ipsoftphone.exe:*:Enabled:Avaya IP Softphone R6 -- (Avaya Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client -- (Martin Prikryl)
    "C:\Program Files\3Com\3CDaemon\3CDaemon.EXE" = C:\Program Files\3Com\3CDaemon\3CDaemon.EXE:*:Enabled:3CDaemon Application -- (3Com)
    "C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
    "C:\Program Files\Avaya\IP Office\Manager\Manager.exe" = C:\Program Files\Avaya\IP Office\Manager\Manager.exe:*:Enabled:Manager -- (Avaya)
    "C:\Documents and Settings\DCO-TECH01\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\DCO-TECH01\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
    "{29914633-C013-43B3-A980-15C1F70DFDB2}" = Avaya Integrated Management Administration Tools
    "{3192A00C-7336-48C6-8BD7-54B9CFA6F7C1}" = Windows Rights Management Client
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
    "{3981D842-22CC-11D5-AE9F-00A0C975EB18}" = Reliable Data Transport Tool
    "{44B436FA-FB33-4B24-8AD1-D8C9A50474E9}" = BitDefender Free Edition 2009
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D9C7DA3-D532-432D-A556-5F6CD186B0A5}" = DJ_AIO_03_F4200_ProductContext
    "{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
    "{516F00FD-6255-4D13-9F1C-E55CEC4DD03F}" = CTG-2
    "{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
    "{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
    "{62653245-3DC5-4019-AF6B-4E62D6150D9E}" = F4200_Help
    "{634C6324-8E9A-461E-BEF6-3B40E73AC654}" = Avaya MV_IPTel
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{67DFCE0D-BBA9-43AC-90B3-548390ECE522}" = F4200
    "{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DBCE8C7-FE94-4D8F-9FF0-38EF3D8BC99E}" = DJ_AIO_03_F4200_Software
    "{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A279F2EA-B570-4BD0-859E-6AA9D0921E42}" = Avaya IP Softphone R6
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.1
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.1
    "{AE9A67F9-ADF1-4a44-BAB5-C1DB302B37A2}" = HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B29B526D-F027-4122-BC7A-D9E5BC86CC40}" = DJ_AIO_03_F4200_Software_Min
    "{B2BD53EE-9F53-458F-9BF3-7DDA6EAFB63C}" = Avaya Integrated Management Administration Tools SP5
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom Gigabit Integrated Controller
    "{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.1
    "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
    "{C03BCB28-51CA-4A05-AC1F-DF540C0A0BBE}" = Samsung PC Studio 3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
    "{C7EFFD30-CF26-46B6-8F40-EF825D06055D}" = MSXML4 SP2 Install
    "{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
    "{C9B77227-267A-414C-A07E-19C20699B4DD}" = Avaya Gateway Installation Wizard
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D312EBF0-70D9-41DC-A50D-E25A7BC725D6}" = IP Office Admin Suite
    "{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
    "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
    "{E0C18BB0-32CA-4679-B422-9B9FA825378F}" = HP Deskjet Printer Driver Software 9.0
    "{E5E6E687-1033-BA7E-6000-000000000001}" = Adobe Acrobat Elements 6.0
    "{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
    "{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
    "{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "3CDaemon" = 3CDaemon
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Implementation and Admin of Avaya Aura CMB" = Advanced Implementation and Admin of Avaya Aura CMB v1.0
    "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
    "Avaya 3.1 Launch Implementation Highlights" = Avaya 3.1 Launch Implementation Highlights v1.0
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESET Online Scanner" = ESET Online Scanner v3
    "FileZilla Client" = FileZilla Client 3.5.0
    "HP Imaging Device Functions" = HP Imaging Device Functions 10.0
    "HP Photosmart Essential" = HP Photosmart Essential 2.5
    "HP Smart Web Printing" = HP Smart Web Printing
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PARTNERĀ® ACS R7.0 PC Administration" = PARTNERĀ® PC Administration UnInstaller
    "RealVNC_is1" = VNC Free Edition 4.1.3
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Security Task Manager" = Security Task Manager 1.8d
    "TeamViewer 7" = TeamViewer 7
    "TFTPSuitePro 2000" = TFTPSuitePro 2000
    "VLC media player" = VLC media player 1.0.2
    "WavePad" = WavePad Sound Editor
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "WinRAR archiver" = WinRAR archiver
    "winscp3_is1" = WinSCP 4.2.1 beta
    "WinSPM" = WinSPM
    "Wireshark" = Wireshark 1.4.0
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.8.0.723
    "magicJack" = magicJack

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 48,004   +271



Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.