Possible Malware: Rogue.WinAntiVirus


Post by dolsson on 2nd September 2010, 5:18 pm

My work PC has been running painfully slowly and sometimes hanging completely. For instance, it has been hanging on an Adobe Reader update. Opening MS Help was incredibly slow. I tried a System Restore and got "cannot be restored" messages. So I ran MBAM and this was the result:

Malwarebytes' Anti-Malware 1.46

Database version: 4531

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/2/2010 9:08:59 AM
mbam-log-2010-09-02 (09-08-59).txt

Scan type: Quick scan
Objects scanned: 155369
Time elapsed: 10 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Okay, so that looks pretty good and maybe now the problem is fixed. But then again, maybe not. So I have followed the sticky in this forum and would appreciate an expert's review of the results:

From the sticky:

Updates to Perform

Is your Java outdated?
No, I have updated it recently. "You have the recommended Java installed (Version 6 Update 21)."

Now, is your Adobe Reader outdated?
I have the current version, 9.3.4, installed. I also checked Control Panel to confirm that no older versions are present.

We also require you to install all the critical updates issued by Microsoft by visiting this site; if not, we will be wasting our time.
I use auto update but have also had MS scan for updates: everything is current.

I have run OTL. Logs will follow.

Thank you for checking on the health of my computer.
David


dolsson
Novice
Posts: 24
Joined: 2010-08-21
OS: XP pro SP3
Protection: McAfee VirusScan Enterprise 7.1/Webroot Spysweeper
Points: 23336
Likes: 0

Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 2nd September 2010, 5:22 pm

Please let me know if there is a better solution to the forum's character limit. Otherwise, here are the logs, in several parts:

OTL.txt, part 1 of 3:

OTL logfile created on: 9/2/2010 9:44:30 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David Olsson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.04 Gb Total Space | 1.32 Gb Free Space | 2.87% Space Free | Partition Type: NTFS
Drive D: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 687.33 Gb Total Space | 490.54 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive O: | 38.74 Gb Total Space | 17.25 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: GOAPPEALSDCO
Current User Name: David Olsson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/22 07:42:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Olsson\My Documents\Downloads\OTL.exe
PRC - [2010/07/06 16:41:10 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe
PRC - [2010/03/23 13:57:45 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/12/31 10:32:00 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/12 04:49:16 | 000,361,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/11/12 04:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/05/27 08:23:17 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/27 11:42:26 | 001,566,160 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2008/03/26 16:57:12 | 000,038,352 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveEBackground.exe
PRC - [2008/03/26 16:56:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/02/28 16:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/09/07 10:19:27 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2006/08/15 07:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/16 19:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

MOD - [2010/08/22 07:42:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David Olsson\My Documents\Downloads\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
MOD - [2006/09/07 10:18:56 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/08/13 09:13:32 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/03/23 13:57:45 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/12/31 10:32:00 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/09 11:02:36 | 000,153,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IDrive\IDrivePlugin.exe -- (IDrivePlugin)
SRV - [2008/03/26 16:56:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2007/12/12 22:03:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys -- (f6cB5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DarkSpyKernel.sys -- (DarkSpy)
DRV - [2010/08/23 16:53:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/23 01:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100902.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/08/23 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/23 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/08/23 01:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100902.004\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/10 01:16:24 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/16 18:54:13 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100830.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/31 10:32:04 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/12/31 10:31:50 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2009/12/31 10:31:46 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/31 10:31:17 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/08/18 15:54:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/12/12 07:43:18 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/08/15 07:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 11:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/08/04 03:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 03:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 03:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 03:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 03:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 03:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 03:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 03:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 03:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 03:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 03:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 03:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 03:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 03:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 03:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.90
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.028

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/24 18:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/23 16:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2010/07/06 16:41:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2010/09/02 08:12:32 | 000,000,000 | ---D | M]

[2009/06/12 12:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Extensions
[2010/09/02 09:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions
[2010/04/12 09:16:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/02 09:22:17 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/24 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\es-MX@dictionaries.addons.mozilla.org
[2010/06/10 09:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\firefox@red-cog.com
[2010/08/24 14:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\unplug@compunach

O1 HOSTS File: ([2010/03/31 05:13:40 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O1 - Hosts: 192.168.0.66 HP000D9D23724F
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Comodo Firewall] C:\Program Files\Comodo\Firewall\CPF.exe File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe File not found
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (Endicosoft.com)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: valic.com ([www3] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: PLLiveUpWeb [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: PLUpdate [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\David Olsson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Olsson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:29:09 | 001,049,968 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/19 13:58:38 | 000,000,225 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{8268569e-9688-11db-b6f9-00038a000015}\Shell\AutoRun\command - "" = E:\Connect.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (a) - File not found
O34 - HKLM BootExecute: (u) - File not found
O34 - HKLM BootExecute: (t) - File not found
O34 - HKLM BootExecute: (o) - File not found
O34 - HKLM BootExecute: (c) - File not found
O34 - HKLM BootExecute: (h) - File not found
O34 - HKLM BootExecute: (k) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


dolsson
Novice

Posts: 24
Joined: 2010-08-21
OS: XP Pro SP3
Protection: McAfee VirusScan Enterprise 7.1 / Webroot Spy Sweeper

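The load-point entries in the log above (the O4 Run/Startup items, the O20 Winlogon notify DLL, the O33 MountPoints2 AutoRun command, the O35/O37 exefile handlers) are the lines a helper reads first. As an added example, not part of the original post and not OTL's own logic, the Python below runs the usual first-pass heuristics over lines copied verbatim from that log: targets OTL reports as "File not found" (orphans), binaries OTL printed with an empty publisher field "()", removable-media AutoRun commands under MountPoints2, Winlogon notify packages, and exefile/comfile open handlers that differ from the stock `"%1" %*`. The function names, the heuristics and the reason strings are my assumptions about what to check; a flag means "verify this", not "malware".

```python
"""First-pass triage of OTL log lines.

Added example for this thread; it is not part of the original post and not
OTL's own logic. The heuristics below are assumptions about what a
malware-removal helper checks first, not signatures of any specific threat.
"""
import re
from typing import Dict, List

# Constructed sample: lines copied from the OTL log posted above, plus the
# clean HKCU Run entry (DellSupport) for contrast. Nothing here is invented.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] File not found
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll File not found
O33 - MountPoints2\{8268569e-9688-11db-b6f9-00038a000015}\Shell\AutoRun\command - "" = E:\Connect.exe -- File not found
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
"""

SECTION = re.compile(r"^(O\d+|NetSvcs)\b")   # OTL prefixes each line with its section id
ORPHAN = re.compile(r"\bFile not found\b")    # OTL's marker for a missing target file
NO_PUBLISHER = re.compile(r"\(\)\s*$")        # OTL prints CompanyName in (...); "()" = none
DEFAULT_OPEN_HANDLER = '"%1" %*'              # stock exefile/comfile [open] command


def triage_line(line: str) -> List[str]:
    """Return the reasons (possibly none) an analyst would look at this line."""
    reasons: List[str] = []
    m = SECTION.match(line)
    if not m:
        return reasons
    section = m.group(1)

    if ORPHAN.search(line):
        reasons.append("orphaned entry: target file missing (clean-up item, not evidence)")
    if section in ("O4", "O10", "O20") and NO_PUBLISHER.search(line):
        reasons.append("binary has no publisher metadata: verify hash/signature")
    if section == "O33":
        reasons.append("MountPoints2 AutoRun command: removable-media autorun, review")
    if section == "O20" and "Winlogon" in line:
        reasons.append("Winlogon notify DLL: loaded by winlogon.exe, confirm vendor")
    if section in ("O35", "O37"):
        # Everything after the last "--" is the shell open command for .exe/.com
        handler = line.rsplit("--", 1)[-1].strip()
        if handler != DEFAULT_OPEN_HANDLER:
            reasons.append(f"non-default exe/com open handler: {handler!r}")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged line to its reasons; clean lines are omitted."""
    return {ln: r for ln in log_text.splitlines() if (r := triage_line(ln))}


if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LOG).items():
        print(ln[:72], "->", "; ".join(why))
```

Run against the posted lines, the script leaves the DellSupport entry and both file-association handlers alone, and flags five lines: three orphans, the empty-publisher Unlocker entry, and the MountPoints2 command, which collects two reasons (autorun vector plus missing target). Paste a whole OTL section into `SAMPLE_LOG` to get the same short list for a different log.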

Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 2nd September 2010, 5:31 pm

OTL.txt, part 2 of 3:

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WebrootSpySweeperService - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootMin: WRConsumerService - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WebrootSpySweeperService - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. ([You must be registered and logged in to see this link.]
SafeBootNet: WRConsumerService - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {1D453F96-94CF-0FB1-D564-55BAAEBEC006} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8596117B-04C5-1B7B-6B7E-F86482AB035D} - Microsoft Windows Media Player 6.4
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/02 09:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/09/02 08:48:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/02 08:48:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/31 16:41:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/08/31 16:27:19 | 001,230,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msvidctl.dll
[2010/08/31 16:27:19 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/08/31 16:27:19 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msdv.sys
[2010/08/31 16:27:19 | 000,052,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdv.sys
[2010/08/31 16:27:19 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstdecod.dll
[2010/08/31 16:27:19 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/08/31 16:27:19 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mpe.sys
[2010/08/31 16:27:19 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010/08/31 16:27:19 | 000,014,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/08/31 16:27:19 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/08/31 16:27:19 | 000,010,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/08/31 16:27:18 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/08/31 16:27:18 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/08/31 16:27:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/08/31 16:27:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/08/31 16:27:18 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/08/31 16:27:18 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/08/31 16:27:18 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010/08/31 16:27:18 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bdaplgin.ax
[2010/08/31 16:27:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/08/31 16:27:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/08/31 16:27:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/08/31 16:27:18 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksolay.ax
[2010/08/31 16:27:18 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bdasup.sys
[2010/08/31 16:27:18 | 000,011,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010/08/31 16:27:18 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/08/31 16:27:15 | 001,201,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8.dll
[2010/08/31 16:27:15 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput8.dll
[2010/08/31 16:27:15 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmime.dll
[2010/08/31 16:27:15 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.dll
[2010/08/31 16:27:15 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmsynth.dll
[2010/08/31 16:27:15 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmstyle.dll
[2010/08/31 16:27:15 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmscript.dll
[2010/08/31 16:27:15 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmcompos.dll
[2010/08/31 16:27:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmloader.dll
[2010/08/31 16:27:15 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmband.dll
[2010/08/31 16:27:15 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dswave.dll
[2010/08/31 16:27:14 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxdiag.exe
[2010/08/31 16:27:14 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmoprp.dll
[2010/08/31 16:27:14 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvoice.dll
[2010/08/31 16:27:14 | 000,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsdmo.dll
[2010/08/31 16:27:14 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvvox.dll
[2010/08/31 16:27:14 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvsetup.exe
[2010/08/31 16:27:14 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxdllreg.exe
[2010/08/31 16:27:13 | 001,189,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx8vb.dll
[2010/08/31 16:27:13 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnet.dll
[2010/08/31 16:27:13 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhupnp.dll
[2010/08/31 16:27:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnhpast.dll
[2010/08/31 16:27:13 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpvacm.dll
[2010/08/31 16:27:13 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnsvr.exe
[2010/08/31 16:27:13 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3d8thk.dll
[2010/08/31 16:27:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnlobby.dll
[2010/08/31 16:27:13 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpnaddr.dll
[2010/08/31 16:27:12 | 001,294,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound3d.dll
[2010/08/31 16:27:12 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dinput.dll
[2010/08/31 16:27:12 | 000,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dx7vb.dll
[2010/08/31 16:27:12 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsound.dll
[2010/08/31 16:27:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplayx.dll
[2010/08/31 16:27:12 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\joy.cpl
[2010/08/31 16:27:12 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpwsockx.dll
[2010/08/31 16:27:12 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dpmodemx.dll
[2010/08/31 16:27:12 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pid.dll
[2010/08/31 16:27:12 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dplaysvr.exe
[2010/08/31 16:27:12 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddrawex.dll
[2010/08/31 16:27:11 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\d3dim700.dll
[2010/08/31 16:27:11 | 000,292,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ddraw.dll
[2010/08/30 13:39:15 | 079,645,544 | ---- | C] (Microsoft Corp.) -- C:\Documents and Settings\David Olsson\Desktop\Win7-P-Retail-en-us-x64.exe
[2010/08/30 11:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\Application Data\Canneverbe Limited
[2010/08/30 11:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/08/30 11:47:16 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2010/08/30 10:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\Application Data\GetRightToGo
[2010/08/28 15:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\My Games
[2010/08/25 15:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2010/08/25 15:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\Stronghold 2
[2010/08/24 12:35:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Bootvis
[2010/08/23 18:57:23 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdi.sys
[2010/08/23 18:57:23 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symtdiv.sys
[2010/08/23 18:57:23 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.sys
[2010/08/23 18:57:23 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.sys
[2010/08/23 18:57:23 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.sys
[2010/08/23 18:57:22 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.sys
[2010/08/23 18:57:22 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.sys

========== Files - Modified Within 30 Days ==========

[2010/09/02 09:41:03 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/02 09:26:02 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/09/02 08:48:21 | 000,001,628 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L48F51C96F34644CFA0AFD0B8C6B6F977.job
[2010/09/02 08:42:56 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/09/02 08:41:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/02 08:41:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/02 08:41:32 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/02 08:40:11 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\David Olsson\ntuser.dat
[2010/09/02 08:40:04 | 002,189,696 | -H-- | M] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\IconCache.db
[2010/09/02 07:55:02 | 1005,080,576 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/09/01 19:56:17 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David Olsson\ntuser.ini
[2010/09/01 10:03:56 | 000,000,467 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/01 10:00:00 | 000,000,602 | ---- | M] () -- C:\WINDOWS\tasks\ABF OB backup.job
[2010/08/31 17:10:22 | 000,688,226 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/31 16:29:25 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[2010/08/30 13:40:49 | 079,645,544 | ---- | M] (Microsoft Corp.) -- C:\Documents and Settings\David Olsson\Desktop\Win7-P-Retail-en-us-x64.exe
[2010/08/30 13:39:15 | 167,815,816 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\setup2.box
[2010/08/30 13:35:46 | 2860,840,667 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\setup1.box
[2010/08/30 13:23:27 | 000,006,061 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\PrimoPDFSet.xml
[2010/08/30 12:27:46 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\APUSet.xml
[2010/08/30 11:47:21 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/30 11:27:51 | 3224,686,592 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\X15-65805.iso
[2010/08/28 15:43:42 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Shortcut to age3.exe.lnk
[2010/08/28 15:13:57 | 000,001,852 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2010/08/27 13:18:11 | 000,000,247 | ---- | M] () -- C:\WINDOWS\PLREMOTE.INI
[2010/08/27 11:10:40 | 003,131,740 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\PCLaw_Tips and Tricks_v3Final_atuback.pdf
[2010/08/26 23:00:00 | 000,001,644 | ---- | M] () -- C:\WINDOWS\tasks\wrSpySweeper_L1E21E99FA2BA4C24A3526D2691D6E512.job
[2010/08/26 21:12:32 | 001,555,661 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\AOE3_quick_ref.pdf
[2010/08/26 20:57:01 | 003,756,868 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\AOE3_manual_r2.pdf
[2010/08/26 15:30:40 | 000,000,783 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/24 16:58:13 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/08/24 16:57:34 | 000,187,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 16:50:23 | 000,001,976 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Bootvis.lnk
[2010/08/24 12:31:09 | 000,515,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/24 12:31:09 | 000,094,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/24 12:31:08 | 000,621,982 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/24 12:27:19 | 000,001,466 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Layout.lnk
[2010/08/24 09:19:53 | 000,036,736 | ---- | M] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/23 16:53:54 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/08/23 16:53:54 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/08/23 16:53:54 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/23 16:53:54 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/23 16:51:03 | 000,000,871 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Norton Installation Files.lnk
[2010/08/23 16:28:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/23 16:28:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/23 16:28:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/08/23 16:28:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/08/23 16:28:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/08/22 18:44:30 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd
[2010/08/11 16:42:16 | 000,117,248 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\Mortgage Info.doc
[2010/08/11 14:21:28 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/08/11 03:30:18 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/08 15:06:54 | 005,645,312 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\FW_E2000_1.0.01.007_US_20100415_code.bin
[2010/08/08 15:06:10 | 003,858,418 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Linksys Router E2000_UG_USA_V10_NC-WEB,0.pdf
[2010/08/07 18:58:51 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\FAMILY TV.doc
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/31 16:29:24 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III.lnk
[2010/08/31 16:27:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/31 16:27:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/08/31 16:27:19 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/08/31 16:27:19 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/08/31 16:27:19 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/08/31 16:27:19 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/08/31 16:27:17 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/08/31 16:27:17 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/08/31 16:27:17 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/08/31 16:27:17 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/08/31 16:27:16 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/08/31 16:27:16 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/08/31 16:27:16 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/08/31 16:27:16 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/08/31 16:27:16 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/08/31 16:27:16 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/08/30 13:35:47 | 167,815,816 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\setup2.box
[2010/08/30 12:31:33 | 2860,840,667 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\setup1.box
[2010/08/30 11:47:21 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2010/08/30 11:47:19 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/08/30 10:53:37 | 3224,686,592 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\X15-65805.iso
[2010/08/28 15:43:42 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Shortcut to age3.exe.lnk
[2010/08/28 15:13:54 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Age of Empires III Trial.lnk
[2010/08/27 11:10:40 | 003,131,740 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\PCLaw_Tips and Tricks_v3Final_atuback.pdf
[2010/08/26 21:12:32 | 001,555,661 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\AOE3_quick_ref.pdf
[2010/08/26 20:56:15 | 003,756,868 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\AOE3_manual_r2.pdf
[2010/08/24 16:57:15 | 000,688,226 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\Cat.DB
[2010/08/24 16:50:23 | 000,001,976 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Bootvis.lnk
[2010/08/24 12:27:05 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Layout.lnk
[2010/08/23 18:57:23 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.cat
[2010/08/23 18:57:23 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.cat
[2010/08/23 18:57:23 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.cat
[2010/08/23 18:57:23 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.cat
[2010/08/23 18:57:23 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symefa.inf
[2010/08/23 18:57:23 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symds.inf
[2010/08/23 18:57:23 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnetv.inf
[2010/08/23 18:57:23 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\symnet.inf
[2010/08/23 18:57:22 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.cat
[2010/08/23 18:57:22 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.cat
[2010/08/23 18:57:22 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.cat
[2010/08/23 18:57:22 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.cat
[2010/08/23 18:57:22 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\cchpx86.inf
[2010/08/23 18:57:22 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtspx.inf
[2010/08/23 18:57:22 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\srtsp.inf
[2010/08/23 18:57:22 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\iron.inf
[2010/08/23 18:56:53 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0402000.00C\isolate.ini
[2010/08/23 16:53:55 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/08/23 16:53:54 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/08/23 16:53:40 | 000,002,021 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Security Suite.LNK
[2010/08/23 16:51:02 | 000,000,871 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Norton Installation Files.lnk
[2010/08/23 16:42:20 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/11 16:42:15 | 000,117,248 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\Mortgage Info.doc
[2010/08/11 16:00:54 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\06078400.xlt
[2010/08/08 15:06:54 | 005,645,312 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\FW_E2000_1.0.01.007_US_20100415_code.bin
[2010/08/08 15:06:10 | 003,858,418 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Linksys Router E2000_UG_USA_V10_NC-WEB,0.pdf
[2010/08/07 18:58:51 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\FAMILY TV.doc
[2010/05/14 10:55:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\housecall.guid.cache
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/09/06 14:27:57 | 000,025,842 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/20 16:26:42 | 000,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/20 16:26:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/20 16:25:58 | 000,000,395 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/20 16:25:58 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/20 16:21:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/05/20 16:21:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/05/20 16:21:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/20 16:21:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/05/20 16:12:01 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/02 07:47:00 | 000,022,300 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (DOS).ADR
[2009/04/02 07:43:37 | 000,022,304 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (Windows).ADR
[2009/04/01 09:47:49 | 000,683,801 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.exe
[2009/04/01 09:47:49 | 000,011,615 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.dat
[2008/05/30 10:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2008/04/21 12:49:06 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\PrimoPDFSet.xml
[2008/04/21 12:49:06 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\APUSet.xml
[2008/04/15 14:17:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/25 13:32:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/12 22:15:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/10/12 10:30:29 | 000,009,368 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).EML
[2007/10/07 13:19:36 | 000,034,368 | ---- | C] () -- C:\Program Files\MCj04244600000[1].wmf
[2007/10/07 13:17:47 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 17:14:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/09/13 17:11:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/09/13 17:11:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/06/28 15:39:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/19 13:17:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PLACE32.INI
[2007/04/16 20:06:21 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PLREMOTE.INI
[2007/04/13 12:07:03 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/11 18:42:25 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2007/04/11 18:42:16 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2007/04/11 18:42:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[2007/04/11 18:42:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\xhbcommdll.dll
[2007/04/11 18:41:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/04/11 18:41:59 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\gteinet.dll
[2007/04/11 18:41:58 | 001,283,072 | ---- | C] () -- C:\WINDOWS\System32\AbacusDB.dll
[2007/04/11 18:41:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\crheapalloc.dll
[2007/04/10 09:34:25 | 000,005,299 | ---- | C] () -- C:\WINDOWS\STI.INI
[2007/04/10 09:25:54 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2007/04/06 11:28:32 | 000,000,577 | ---- | C] () -- C:\WINDOWS\TIMESLIP.INI
[2007/04/06 11:28:13 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\tutil32.dll
[2007/04/04 21:16:58 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\regd4e27win83.dll
[2007/01/23 12:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/12 18:41:47 | 000,010,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/01/05 14:39:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 11:43:54 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/06 15:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/07 07:32:32 | 000,001,401 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/06 18:42:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/06 18:42:07 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/06 18:27:26 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/06 18:27:26 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D2178F15B2.sys
[2006/10/06 18:26:47 | 000,016,159 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/04 16:08:46 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\dvd.bmk
[2006/10/04 16:02:54 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\fusioncache.dat
[2006/09/21 19:47:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/21 19:40:42 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 19:33:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 19:10:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/06/12 12:00:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

dolsson
Novice

Posts : 24
Joined : 2010-08-21
OS : XP pro SP3
Protection : McAfee VirusScan Enterprise 7.1/Webroot Spysweeper
Points : 23336
# Likes : 0


Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 2nd September 2010, 5:32 pm

OTL.txt, part 3 of 3:



========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009/11/06 12:00:28 | 000,031,088 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\wrLZMA.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2009/11/06 12:00:20 | 000,016,240 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\SsiEfr.exe
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/01/05 05:45:59 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/01/05 13:39:10 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2007/01/05 05:45:59 | 028,573,696 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/01/05 05:46:01 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 03:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 03:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/10/06 18:27:26 | 000,000,008 | RHS- | M] () -- C:\WINDOWS\system32\D2178F15B2.sys
[2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\DDMI2.sys
[2005/03/13 14:54:00 | 000,006,656 | ---- | M] (GTek Technologies Ltd.) -- C:\WINDOWS\system32\DLPT2.sys
[2005/02/08 10:37:52 | 000,007,626 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GPCIEnum.sys
[2004/06/15 13:55:56 | 000,007,882 | ---- | M] (Gteko Ltd.) -- C:\WINDOWS\system32\GTKCMOS.sys
[2004/08/04 03:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 03:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 03:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/10/20 20:08:08 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[2004/08/04 03:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 03:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 03:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 03:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 03:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 03:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 03:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 03:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 11:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 06:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 17:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 17:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 17:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 17:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 17:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 17:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 17:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 17:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 17:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 17:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 17:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 17:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 17:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/13 17:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/13 17:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2007/04/11 20:08:23 | 000,052,531 | ---- | M] () -- C:\ads_err.dbf
[2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/16 12:32:07 | 000,004,096 | ---- | M] () -- C:\BFMatLnk.dat
[2009/03/16 12:32:07 | 000,004,096 | ---- | M] () -- C:\BFMatLnk.idx
[2007/01/05 13:56:47 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2004/08/11 15:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/09/21 19:17:26 | 000,005,956 | RH-- | M] () -- C:\dell.sdr
[2010/09/02 08:41:32 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2007/01/05 13:49:54 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/09/06 14:52:18 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/04/12 15:23:22 | 000,010,217 | ---- | M] () -- C:\INSTALL.LOG
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/09/21 19:36:10 | 000,000,828 | -H-- | M] () -- C:\IPH.PH
[2004/08/11 15:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 03:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/04 14:31:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/02 08:41:31 | 1509,949,440 | -HS- | M] () -- C:\pagefile.sys
[2007/12/07 13:23:11 | 000,000,007 | ---- | M] () -- C:\PLOFFCAL.001
[2009/08/24 14:08:18 | 000,000,014 | ---- | M] () -- C:\PLOFFCAL.KEY
[2007/12/07 13:23:11 | 000,000,007 | ---- | M] () -- C:\PLSATCAL.001
[2009/08/24 14:08:18 | 000,000,014 | ---- | M] () -- C:\PLSATCAL.KEY
[2009/01/01 09:42:59 | 000,000,153 | ---- | M] () -- C:\Rescued document 1.txt
[2009/10/09 11:48:52 | 000,002,979 | ---- | M] () -- C:\Rescued document 2.txt
[2009/10/09 11:57:38 | 000,002,629 | ---- | M] () -- C:\Rescued document 3.txt
[2010/06/04 09:06:56 | 000,000,076 | ---- | M] () -- C:\Rescued document 4.txt
[2010/06/04 09:06:58 | 000,001,397 | ---- | M] () -- C:\Rescued document 5.txt
[2010/06/04 09:07:07 | 000,001,854 | ---- | M] () -- C:\Rescued document 6.txt
[2010/06/19 13:45:27 | 000,001,569 | ---- | M] () -- C:\Rescued document 7.txt
[2007/02/09 17:55:34 | 000,003,585 | ---- | M] () -- C:\Rescued document.txt
[2010/09/01 16:38:57 | 000,167,411 | ---- | M] () -- C:\RTBTrace.txt
[2007/05/29 12:59:42 | 000,004,096 | ---- | M] () -- C:\SADVANCE.dat
[2007/05/29 12:59:42 | 000,004,096 | ---- | M] () -- C:\SADVANCE.idx
[2007/04/05 07:32:11 | 000,010,320 | ---- | M] () -- C:\SBCSTray.log
[2006/09/21 19:36:17 | 000,000,070 | ---- | M] () -- C:\SystemInfo.ini
[2010/01/20 15:47:17 | 000,000,059 | ---- | M] () -- C:\Trace.txt
[2007/01/02 13:49:44 | 027,262,976 | ---- | M] () -- C:\VIRTPART.DAT
[2007/01/01 10:42:44 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/06/04 09:06:56 | 000,000,162 | -H-- | M] () -- C:\~$scued document 4.txt

< %PROGRAMFILES%\*. >
[2010/08/23 16:18:46 | 000,000,000 | ---D | M] -- C:\Program Files\a-squared Free Malware Scanner
[2008/05/14 10:31:47 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2008/01/25 13:32:37 | 000,000,000 | ---D | M] -- C:\Program Files\activePDF
[2010/08/23 16:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/11/13 17:18:22 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2006/09/21 19:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\BAE
[2009/11/13 17:23:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2007/04/06 11:28:13 | 000,000,000 | ---D | M] -- C:\Program Files\Borland
[2006/09/21 19:30:29 | 000,000,000 | ---D | M] -- C:\Program Files\Broadcom
[2010/07/08 10:44:09 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2009/06/12 12:13:01 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/08/30 11:47:20 | 000,000,000 | ---D | M] -- C:\Program Files\CDBurnerXP
[2010/08/08 14:53:44 | 000,000,000 | ---D | M] -- C:\Program Files\Cisco Systems
[2009/06/02 14:29:39 | 000,000,000 | ---D | M] -- C:\Program Files\Cleaner 5 EZ
[2010/07/06 14:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Comcast
[2010/07/06 14:10:48 | 000,000,000 | ---D | M] -- C:\Program Files\ComcastUI
[2010/08/23 19:55:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/01/15 18:11:27 | 000,000,000 | ---D | M] -- C:\Program Files\Comodo
[2004/08/11 15:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2006/09/21 19:38:51 | 000,000,000 | ---D | M] -- C:\Program Files\Corel Corporation
[2008/04/13 11:09:48 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2006/09/21 19:43:38 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support
[2008/08/04 13:19:56 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2009/05/17 15:54:56 | 000,000,000 | ---D | M] -- C:\Program Files\DogObedienceTraining
[2007/01/12 18:40:51 | 000,000,000 | ---D | M] -- C:\Program Files\Downloaded Installations
[2006/12/15 11:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\Driver Validation
[2008/08/04 22:04:59 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Flick
[2007/01/11 21:41:13 | 000,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2009/06/08 21:19:28 | 000,000,000 | ---D | M] -- C:\Program Files\Excel to QIF Converter
[2010/08/25 14:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\Firefly Studios
[2010/07/02 15:21:35 | 000,000,000 | ---D | M] -- C:\Program Files\FreeMind
[2009/11/22 12:10:58 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/01/15 12:28:23 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2009/04/01 11:12:53 | 000,000,000 | ---D | M] -- C:\Program Files\GroupMail 5
[2009/05/20 15:04:11 | 000,000,000 | ---D | M] -- C:\Program Files\HP
[2010/09/02 08:52:04 | 000,000,000 | ---D | M] -- C:\Program Files\IDrive
[2010/08/28 15:18:08 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/09/21 19:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/08/11 03:13:25 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/03/04 12:47:39 | 000,000,000 | ---D | M] -- C:\Program Files\Intuit
[2009/11/11 10:48:01 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2006/09/21 19:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Learn2.com
[2007/04/16 09:42:08 | 000,000,000 | ---D | M] -- C:\Program Files\LexisNexis
[2009/04/01 09:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\Lotus
[2007/12/11 18:15:54 | 000,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2010/09/02 08:48:37 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/08/19 03:06:49 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2006/09/21 19:33:26 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/08/24 17:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Bootvis
[2008/04/13 11:53:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2004/08/11 15:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/08/31 16:04:29 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2009/04/09 11:39:10 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/09/21 19:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Digital Media Edition
[2006/09/21 19:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2007/04/12 18:22:46 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2006/09/21 19:33:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/11/20 12:29:17 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2006/09/21 19:33:11 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/08/11 03:04:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/09/02 09:22:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4
[2009/06/09 21:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/08/25 09:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSECache
[2004/08/11 15:11:30 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004/08/11 15:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/07/13 15:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSSOAP
[2006/11/20 12:55:25 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/04/13 11:53:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/01/03 10:23:13 | 000,000,000 | ---D | M] -- C:\Program Files\MUSICMATCH
[2008/08/04 14:38:25 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/08/23 16:32:13 | 000,000,000 | ---D | M] -- C:\Program Files\Network Associates
[2010/08/23 16:53:08 | 000,000,000 | ---D | M] -- C:\Program Files\Norton Security Suite
[2010/08/23 16:52:56 | 000,000,000 | ---D | M] -- C:\Program Files\NortonInstaller
[2010/09/02 09:22:37 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2009/05/20 16:12:36 | 000,000,000 | ---D | M] -- C:\Program Files\Nuance
[2004/08/11 15:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/05/12 03:01:31 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/01/11 18:57:59 | 000,000,000 | ---D | M] -- C:\Program Files\PageDfrg
[2010/08/23 16:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Panda Security
[2010/08/31 15:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Password Safe
[2010/06/20 14:26:26 | 000,000,000 | ---D | M] -- C:\Program Files\Payne Consulting Group
[2007/01/09 15:54:34 | 000,000,000 | ---D | M] -- C:\Program Files\PC Wizard 2006
[2007/04/05 08:18:18 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Converter
[2008/03/17 13:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\pdf995
[2010/07/23 17:11:02 | 000,000,000 | ---D | M] -- C:\Program Files\PFPortChecker
[2007/04/12 19:16:19 | 000,000,000 | ---D | M] -- C:\Program Files\ProLaw Evaluation
[2009/09/15 11:03:14 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2009/11/13 17:21:24 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/01/14 11:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\Rasterbator
[2006/09/21 19:35:54 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2006/10/20 18:45:39 | 000,000,000 | ---D | M] -- C:\Program Files\Real World Training
[2009/06/09 21:42:17 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/23 19:51:26 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2009/05/20 16:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\ScanSoft
[2006/09/21 19:31:08 | 000,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2006/09/21 19:41:07 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/04/15 18:25:50 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Online Entertainment
[2010/05/13 11:23:11 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/02/06 16:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\Starfield
[2007/04/12 14:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\STI
[2007/10/06 09:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Sticker Lite
[2007/01/12 20:59:15 | 000,000,000 | ---D | M] -- C:\Program Files\StorageSync
[2007/01/12 18:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Sunbelt Software
[2009/11/21 18:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2005/09/09 20:56:32 | 000,000,000 | ---D | M] -- C:\Program Files\Support
[2010/08/23 16:53:55 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2007/01/01 10:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec Technical Support
[2009/06/08 14:59:08 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2007/01/07 08:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\UnHackMe
[2004/08/11 15:20:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2007/02/09 13:32:40 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2006/09/21 19:36:07 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2009/05/28 09:16:36 | 000,000,000 | ---D | M] -- C:\Program Files\Webpage Capture
[2008/04/12 15:51:31 | 000,000,000 | ---D | M] -- C:\Program Files\Webroot
[2006/09/21 19:36:30 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2008/06/02 11:29:34 | 000,000,000 | ---D | M] -- C:\Program Files\William O'Neil + Co. Inc
[2008/08/04 13:20:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Components
[2008/08/04 14:38:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008/08/04 14:38:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010/08/23 16:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2004/08/11 15:13:20 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/01/09 19:17:42 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2004/08/11 15:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/08/30 12:27:46 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\APUSet.xml
[2009/09/06 14:28:01 | 000,025,842 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).ADR
[2007/10/12 10:30:29 | 000,009,368 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).EML
[2004/08/11 15:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\David Olsson\Application Data\desktop.ini
[2008/08/06 13:29:49 | 000,004,096 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\dvd.bmk
[2010/08/30 13:23:27 | 000,006,061 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\PrimoPDFSet.xml
[2009/04/02 07:47:05 | 000,022,300 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (DOS).ADR
[2009/04/02 07:43:39 | 000,022,304 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (Windows).ADR
[2009/04/01 09:48:42 | 000,011,615 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.dat
[2009/04/01 09:47:13 | 000,683,801 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.exe


< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2007/01/09 15:31:48 | 016,765,745 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2007/01/09 15:31:48 | 016,765,745 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 03:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2007/01/09 15:31:48 | 016,765,745 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\i386\disk.sys
[2004/08/04 03:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 11:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 03:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/04 03:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 17:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 03:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SYMMPI.SYS >
[2005/11/17 11:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys

< MD5 for: USBSTOR.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2007/01/09 15:31:48 | 016,765,745 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/08/04 14:18:50 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 03:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 11:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-27 10:00:57
< End of report >

dolsson
Novice

Posts : 24
Joined : 2010-08-21
OS : XP pro SP3
Protection : McAfee VirusScan Enterprise 7.1/Webroot Spysweeper
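
The "< MD5 for: ... >" blocks in the OTL log above are there so a reviewer can compare the driver actually loaded from system32 against the copy the service pack installed under ServicePackFiles; a differing hash, or a driver whose version information has been stripped, is what a patched or replaced driver looks like on disk. The script below is an added example written for this page, not part of the original post and not a feature of OTL: it parses those blocks from the log text and gives a verdict per driver. The AGP440.SYS, ATAPI.SYS and IASTOR.SYS lines in the sample are copied from the log above; the EXAMPLE.SYS section and its two hashes are constructed so the mismatch path is exercised.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL file line that carries a hash, e.g.
# [2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD... -- C:\WINDOWS\system32\drivers\agp440.sys
# Cab-member lines ("() .cab file -- ...sp3.cab:agp440.sys") have no MD5= field and are skipped.
MD5_LINE = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
SECTION = re.compile(r"^< MD5 for: (?P<name>\S+) >$")


@dataclass
class Copy:
    path: str
    md5: str
    size: int
    company: str


def parse_md5_sections(text: str) -> Dict[str, List[Copy]]:
    """Return {FILENAME: [Copy, ...]} for every '< MD5 for: ... >' block in an OTL log."""
    sections: Dict[str, List[Copy]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("<"):            # any '< ... >' header starts or ends a block
            m = SECTION.match(line)
            current = m.group("name").upper() if m else None
            if current:
                sections.setdefault(current, [])
            continue
        m = MD5_LINE.match(line) if current else None
        if m:
            sections[current].append(Copy(
                path=m.group("path").strip(),
                md5=m.group("md5").upper(),
                size=int(m.group("size").replace(",", "")),
                company=m.group("company").strip(),
            ))
    return sections


def audit(sections: Dict[str, List[Copy]]) -> Dict[str, str]:
    """Verdict per driver.

    The reference is the copy under \\ServicePackFiles\\: on an SP3 machine that is
    the file the service pack installed, so the live copy under \\system32\\ should
    hash the same.  C:\\i386 and $NtServicePackUninstall$ hold the older SP2 files
    and are expected to differ, so they are deliberately not used as the reference.
    """
    verdicts: Dict[str, str] = {}
    for name, copies in sections.items():
        live = [c for c in copies if "\\system32\\" in c.path.lower()]
        ref = {c.md5 for c in copies if "\\servicepackfiles\\" in c.path.lower()}
        if not live:
            verdicts[name] = "no-live-copy"   # only OEM/other copies listed, e.g. C:\WINDOWS\dell\...
        elif not ref:
            verdicts[name] = "no-reference"   # live copy present but nothing to compare against
        elif any(c.md5 not in ref or not c.company for c in live):
            verdicts[name] = "mismatch"       # hash differs or version info stripped: inspect the file
        else:
            verdicts[name] = "ok"
    return verdicts


# Sample input: the first three sections are copied from the log above; the EXAMPLE.SYS
# section is constructed (placeholder hashes) to show what a mismatch looks like.
SAMPLE_OTL = r"""
< MD5 for: AGP440.SYS >
[2004/08/04 03:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 21:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: IASTOR.SYS >
[2006/05/11 09:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 11:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=CAFEBABECAFEBABECAFEBABECAFEBABE -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2010/08/30 12:27:46 | 000,096,512 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\WINDOWS\system32\drivers\example.sys
< End of report >
"""

if __name__ == "__main__":
    for driver, verdict in audit(parse_md5_sections(SAMPLE_OTL)).items():
        print(f"{driver:12s} {verdict}")
```

Run against the full OTL.txt instead of the sample, every Microsoft driver in this log comes back "ok" and the three Dell-supplied drivers come back "no-live-copy". Two caveats: the check only says the file on disk matches what the service pack installed, so a rootkit that filters disk reads and hands back the clean file to user-mode tools is not caught by it; and "no-reference" (a system32 copy with nothing under ServicePackFiles) is not a fault by itself, it just means the hash has to be checked against the vendor's copy by hand.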

Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 2nd September 2010, 5:33 pm

Extras.txt, complete:

OTL Extras logfile created on: 9/2/2010 9:44:31 AM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\David Olsson\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 527.00 Mb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.04 Gb Total Space | 1.32 Gb Free Space | 2.87% Space Free | Partition Type: NTFS
Drive D: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 687.33 Gb Total Space | 490.54 Gb Free Space | 71.37% Space Free | Partition Type: NTFS
Drive O: | 38.74 Gb Total Space | 17.25 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: GOAPPEALSDCO
Current User Name: David Olsson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.5 Beta 4\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Disabled:HP Digital Imaging Monitor -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Disabled:HP AiO Fax Manager -- File not found
"C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe:*:Enabled:Dreamweaver MX -- (Macromedia, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component -- File not found
"C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe" = C:\Program Files\Microsoft Games\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Documents and Settings\David Olsson\Application Data\GameRanger\GameRanger\GameRanger.exe" = C:\Documents and Settings\David Olsson\Application Data\GameRanger\GameRanger\GameRanger.exe:*:Enabled:GameRanger -- (GameRanger Technologies)
"C:\Program Files\Adobe\Adobe InDesign CS2\InDesign.exe" = C:\Program Files\Adobe\Adobe InDesign CS2\InDesign.exe:*:Enabled:Adobe InDesign CS2 -- (Adobe Systems Incorporated)
"C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = C:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- (Firefly Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires III -- (Ensemble Studios)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{2274624C-5B38-41AD-AD27-CEC0924EB628}" = Adobe Setup
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{6490484D-E6F0-4D47-AC7E-4BBC9264CAAE}" = Learning QuickBooks
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{72FC0445-FE6D-4E12-815B-3A8C5E3704DA}_is1" = GroupMail :: Free Edition
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{779A19AC-A302-425D-B295-F12116C2D731}" = DGOControls
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F2771FA-1371-4F73-A7F3-9F3B17073CE4}" = Web-Based Email Tools
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3788444-0284-49F7-8416-3DC2670754B0}" = Data Converter
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C83FB11D-9EC6-49D7-99A7-DDDB2264883C}" = Brother MFL-Pro Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"Able2Extract v4.0" = Able2Extract v4.0
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Premiere 6.0" = Adobe Premiere 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Adobe_cbb2ea61da9c780bd7e47a5230a9ed7" = Adobe Stock Photos CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CCleaner" = CCleaner (remove only)
"Cisco Connect" = Cisco Connect
"Cleaner 5 EZ" = Cleaner 5 EZ
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DVD Flick_is1" = DVD Flick
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IDrive_is1" = IDrive version 2.1.0 April 09 2008
"ie8" = Windows Internet Explorer 8
"InBookletID" = InBooklet for InDesign CS2
"InstallShield_{25B25C84-6132-4662-972B-4E4DC1B00C98}" = Age of Empires III Trial
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{A3788444-0284-49F7-8416-3DC2670754B0}" = Data Converter
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"N360" = Norton Security Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OFX Writer" = OFX Writer
"Password Safe" = Password Safe
"Payne Consulting Group Bates Labels" = Payne Consulting Group Bates Labels
"PC Wizard 2006_is1" = PC Wizard 2006.1.71.3
"PCLaw" = LexisNexis PCLaw
"PFPortChecker" = PFPortChecker 1.0.32
"PrimoPDF4.0.1" = PrimoPDF
"RealPlayer 6.0" = RealPlayer
"RNCompiler 6.0" = Advanced RealMedia Export Plug-in for Premiere 6.0
"SearchAssist" = SearchAssist
"Station Installer" = Station Installer 1.0.3.58
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Unlocker" = Unlocker 1.8.5
"ViewpointMediaPlayer" = Viewpoint Media Player
"Webpage Capture" = Webpage Capture
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/25/2010 6:41:01 PM | Computer Name = GOAPPEALSDCO | Source = Application Error | ID = 1000
Description = Faulting application bootvis.exe, version 1.0.0.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000369da.

Error - 8/25/2010 9:21:19 PM | Computer Name = GOAPPEALSDCO | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3834, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/26/2010 6:59:25 PM | Computer Name = GOAPPEALSDCO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x05ad23ac.

Error - 8/31/2010 6:18:24 PM | Computer Name = GOAPPEALSDCO | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8325.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2010 6:22:02 PM | Computer Name = GOAPPEALSDCO | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 12.0.0.58851, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2010 6:22:02 PM | Computer Name = GOAPPEALSDCO | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 12.0.0.58851, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/31/2010 7:03:13 PM | Computer Name = GOAPPEALSDCO | Source = MsiInstaller | ID = 11704
Description = Product: Age of Empires III -- Error 1704.An installation for Adobe
Reader 9.3.4 is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 9/2/2010 11:10:26 AM | Computer Name = GOAPPEALSDCO | Source = Application Hang | ID = 1002
Description = Hanging application helpctr.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/2/2010 11:19:50 AM | Computer Name = GOAPPEALSDCO | Source = MsiInstaller | ID = 11719
Description = Product: Adobe Reader 9.3.4 -- Error 1719.Windows Installer service
could not be accessed. Contact your support personnel to verify that it is properly
registered and enabled.

Error - 9/2/2010 11:19:50 AM | Computer Name = GOAPPEALSDCO | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader 9.3.4 - Update 'Adobe Reader 9.3.4 - CPSID_83708'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: [You must be registered and logged in to see this link.]

[ System Events ]
Error - 8/31/2010 6:40:52 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 8/31/2010 6:48:28 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the stisvc service.

Error - 8/31/2010 6:53:52 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Windows Management Instrumentation
service, but this action failed with the following error: %%1056

Error - 8/31/2010 6:57:07 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 8/31/2010 7:37:57 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 9/1/2010 10:58:28 PM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 9/2/2010 10:55:49 AM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 9/2/2010 10:56:56 AM | Computer Name = GOAPPEALSDCO | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 bf85255a, parameter3
b85d1a58, parameter4 00000000.

Error - 9/2/2010 11:26:02 AM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

Error - 9/2/2010 11:41:59 AM | Computer Name = GOAPPEALSDCO | Source = Service Control Manager | ID = 7001
Description = The Wireless Zero Configuration service depends on the NDIS Usermode
I/O Protocol service which failed to start because of the following error: %%1058

< End of report >

Thank you for looking this over for continuing/additional problems.

dolsson
Novice

Posts : 24
Joined : 2010-08-21
OS : XP pro SP3
Protection : McAfee VirusScan Enterprise 7.1/Webroot Spysweeper
Points : 23336
# Likes : 0


Re: Possible Malware: Rogue.WinAntiVirus

Post by Belahzur on 2nd September 2010, 11:51 pm

Hello.

  • Download ComboFix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename ComboFix to Combo-Fix as follows:

    3. It is important you rename ComboFix during the download, but not after.
    4. Please do not rename ComboFix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (anti-virus) before running ComboFix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double-click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a ComboFix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1


Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 3rd September 2010, 4:36 pm

As instructed, dl'd and renamed Combo-Fix. Disabled AV and Anti-Spy and ran scan. Log:

ComboFix 10-09-02.04 - David Olsson 09/03/2010 9:17.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.515 [GMT -7:00]
Running from: c:\documents and settings\David Olsson\Desktop\Combo-Fix.exe
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\oeminfo.ini
c:\windows\system32\regsvr.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-03 to 2010-09-03 )))))))))))))))))))))))))))))))
.

2010-09-02 15:48 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-02 15:48 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 23:41 . 2010-08-31 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Age of Empires 3
2010-08-30 18:52 . 2010-08-30 18:52 -------- d-----w- c:\documents and settings\David Olsson\Application Data\Canneverbe Limited
2010-08-30 18:52 . 2010-08-30 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2010-08-30 18:47 . 2009-11-12 21:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-08-30 18:47 . 2010-08-30 18:47 -------- d-----w- c:\program files\CDBurnerXP
2010-08-30 17:52 . 2010-08-30 21:48 -------- d-----w- c:\documents and settings\David Olsson\Application Data\GetRightToGo
2010-08-27 17:21 . 2010-08-27 17:21 6476416 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\Connect.exe
2010-08-27 17:21 . 2010-08-27 17:21 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Setup.exe
2010-08-27 17:21 . 2010-08-27 17:21 4096 ----a-w- c:\documents and settings\All Users\Application Data\Cisco Systems\Cisco Connect\Update\._Connect.exe
2010-08-25 22:08 . 2010-08-25 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Firefly Studios
2010-08-24 19:35 . 2010-08-25 00:13 -------- d-----w- c:\program files\Microsoft Bootvis
2010-08-23 23:54 . 2009-05-18 22:17 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-08-23 23:54 . 2008-04-17 21:12 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-08-23 23:53 . 2010-08-23 23:53 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-08-23 23:53 . 2010-08-23 23:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-08-23 23:53 . 2010-08-24 23:58 -------- d-----w- c:\windows\system32\drivers\N360
2010-08-23 23:53 . 2010-08-23 23:53 -------- d-----w- c:\program files\Norton Security Suite
2010-08-23 23:53 . 2010-08-23 23:53 -------- d-----w- c:\program files\Windows Sidebar
2010-08-23 23:52 . 2010-08-23 23:52 -------- d-----w- c:\program files\NortonInstaller
2010-08-23 23:52 . 2010-08-23 23:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-08-23 23:51 . 2010-08-23 23:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-08-23 23:40 . 2010-08-23 23:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-08-23 23:29 . 2010-08-23 23:29 -------- d-----w- c:\program files\Common Files\Java
2010-08-23 23:29 . 2010-08-23 23:29 503808 ----a-w- c:\documents and settings\David Olsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c511a64-n\msvcp71.dll
2010-08-23 23:29 . 2010-08-23 23:29 61440 ----a-w- c:\documents and settings\David Olsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-731a2679-n\decora-sse.dll
2010-08-23 23:29 . 2010-08-23 23:29 499712 ----a-w- c:\documents and settings\David Olsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c511a64-n\jmc.dll
2010-08-23 23:29 . 2010-08-23 23:29 348160 ----a-w- c:\documents and settings\David Olsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-1c511a64-n\msvcr71.dll
2010-08-23 23:29 . 2010-08-23 23:29 12800 ----a-w- c:\documents and settings\David Olsson\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-731a2679-n\decora-d3d.dll
2010-08-23 23:29 . 2010-08-23 23:28 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-08 21:53 . 2010-08-24 23:57 -------- d-----w- c:\windows\system32\LogFiles
2010-08-08 21:53 . 2010-08-08 21:53 -------- d-----w- c:\program files\Cisco Systems
2010-08-08 21:40 . 2010-08-08 21:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-03 15:52 . 2008-01-10 19:06 -------- d-----w- c:\program files\IDrive
2010-09-02 20:57 . 2009-06-12 19:57 -------- d-----w- c:\program files\Mozilla Firefox 3.5 Beta 4
2010-09-02 15:48 . 2009-06-09 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 23:04 . 2010-07-25 15:40 -------- d-----w- c:\program files\Microsoft Games
2010-08-31 22:14 . 2007-05-30 02:32 -------- d-----w- c:\program files\Password Safe
2010-08-30 15:32 . 2010-07-25 01:21 452104 ----a-w- c:\documents and settings\David Olsson\Application Data\Real\Update\setup3.12\setup.exe
2010-08-28 22:18 . 2006-09-22 02:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-25 21:49 . 2010-07-23 23:00 -------- d-----w- c:\program files\Firefly Studios
2010-08-25 16:23 . 2009-04-09 18:38 -------- d-----w- c:\program files\MSECache
2010-08-24 16:19 . 2006-10-04 23:02 36736 ----a-w- c:\documents and settings\David Olsson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-24 02:51 . 2006-09-22 02:40 -------- d-----w- c:\program files\Roxio
2010-08-24 02:49 . 2006-09-22 02:32 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-08-24 00:36 . 2006-10-05 20:58 -------- d-----w- c:\program files\Common Files\Intuit
2010-08-24 00:22 . 2006-12-15 18:44 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-23 23:53 . 2006-12-15 18:44 -------- d-----w- c:\program files\Symantec
2010-08-23 23:53 . 2010-08-23 23:53 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-08-23 23:53 . 2010-08-23 23:53 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-08-23 23:42 . 2006-09-22 02:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-23 23:40 . 2010-07-07 23:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-08-23 23:32 . 2006-10-04 22:22 -------- d-----w- c:\program files\Network Associates
2010-08-23 23:30 . 2010-01-17 06:29 -------- d-----w- c:\program files\Panda Security
2010-08-23 23:25 . 2010-09-02 15:10 184090 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-08-23 23:18 . 2010-05-14 02:13 -------- d-----w- c:\program files\a-squared Free Malware Scanner
2010-07-25 16:44 . 2010-07-25 16:44 -------- d-----w- c:\documents and settings\David Olsson\Application Data\GameRanger
2010-07-24 00:11 . 2010-07-24 00:10 -------- d-----w- c:\program files\PFPortChecker
2010-07-08 17:49 . 2009-05-20 23:25 65 ----a-w- c:\windows\system32\bd9440cn.dat
2010-07-08 17:44 . 2009-05-20 23:21 -------- d-----w- c:\program files\Brother
2010-07-07 23:08 . 2010-07-07 23:08 -------- d-----w- c:\documents and settings\David Olsson\Application Data\com.comcast.callerid.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
2010-07-07 23:05 . 2010-07-07 23:06 53632 ----a-w- c:\documents and settings\David Olsson\Application Data\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
2010-07-07 04:08 . 2010-07-07 04:08 -------- d-----w- c:\documents and settings\David Olsson\Application Data\VirtualStore
2010-07-06 21:14 . 2010-07-06 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SupportSoft
2010-07-06 21:13 . 2010-07-06 21:10 -------- d-----w- c:\program files\Common Files\SupportSoft
2010-07-06 21:13 . 2010-07-06 21:13 -------- d-----w- c:\program files\Comcast
2010-07-06 21:10 . 2010-07-06 21:10 -------- d-----w- c:\program files\ComcastUI
2010-06-30 12:31 . 2004-08-04 10:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 00:31 . 2010-05-31 02:07 439816 ----a-w- c:\documents and settings\David Olsson\Application Data\Real\Update\setup3.10\setup.exe
2010-06-29 22:45 . 2010-06-29 22:45 1240800 ----a-w- c:\documents and settings\David Olsson\Application Data\GameRanger\GameRanger\GameRanger.exe
2010-06-29 22:43 . 2010-06-29 22:43 159456 ----a-w- c:\documents and settings\David Olsson\Application Data\GameRanger\GameRanger\Data\GameRanger.dll
2010-06-24 12:22 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-04 10:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 10:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-04 10:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 22:12 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 21:27 . 2010-06-17 22:37 4210688 ----a-w- c:\windows\system32\cdintf400.dll
2007-10-07 20:19 . 2007-10-07 20:19 34368 ----a-w- c:\program files\MCj04244600000[1].wmf
2006-10-07 01:27 . 2006-10-07 01:27 8 --sha-r- c:\windows\system32\D2178F15B2.sys
2006-10-21 03:08 . 2006-10-07 01:27 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"IDriveE Startup"="c:\program files\IDrive\IDrvieEStartup.exe" [2008-03-26 189904]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"SigmatelSysTrayApp"="c:\windows\stsystra.exe" [2006-08-15 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="c:\windows\system32\nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-27 185896]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-02 630784]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-11-08 65536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-4 113664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0a\0u\0t\0o\0c\0h\0k\0 \0*

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Documents and Settings\\David Olsson\\Application Data\\GameRanger\\GameRanger\\GameRanger.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS2\\InDesign.exe"=
"c:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [8/23/2010 6:57 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [8/23/2010 6:57 PM 173104]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12/31/2009 10:31 AM 911680]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100810.004\BHDrvx86.sys [8/10/2010 1:16 AM 692272]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [8/23/2010 6:57 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [8/23/2010 6:57 PM 116784]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12/31/2009 10:32 AM 2480048]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [4/15/2008 9:35 AM 136656]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [8/23/2010 6:57 PM 126392]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [7/13/2009 3:45 PM 1201640]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12/31/2009 10:32 AM 160288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/24/2010 9:45 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100901.003\IDSXpx86.sys [9/2/2010 4:56 PM 331640]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDrivePlugin.exe [4/15/2008 9:35 AM 153040]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S2 TSScheduleBackup;TimeslipsBackup;c:\windows\system32\TSSchBkpService.exe [4/6/2007 11:28 AM 705024]
S3 DarkSpy;DarkSpy;\??\c:\windows\system32\DarkSpyKernel.sys --> c:\windows\system32\DarkSpyKernel.sys [?]
S3 f6cB5;f6cB5;\??\c:\docume~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys --> c:\docume~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-09-03 c:\windows\Tasks\wrSpySweeper_L1E21E99FA2BA4C24A3526D2691D6E512.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-04-12 22:19]

2010-09-03 c:\windows\Tasks\wrSpySweeper_L1E21E99FA2BA4C24A3526D2691D6E512.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-04-12 22:19]

2010-09-03 c:\windows\Tasks\wrSpySweeper_L48F51C96F34644CFA0AFD0B8C6B6F977.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-04-12 22:19]

2010-09-03 c:\windows\Tasks\wrSpySweeper_L48F51C96F34644CFA0AFD0B8C6B6F977.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-04-12 22:19]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{91d9cee5-3906-40f7-b51a-9b013b59c826} - {836ece4e-a83a-404a-9433-6b15a66cb0fc} - c:\program files\LexisNexis\PClaw\plietool.dll
IE: {{9d2169e0-0775-4080-9b4e-90fce9945b4a} - {2741ca04-5b65-4b10-afc0-4e8387fe6bde} - c:\program files\LexisNexis\PClaw\plietool.dll
Trusted Zone: valic.com\www3
DPF: PLLiveUpWeb - [You must be registered and logged in to see this link.]
DPF: PLUpdate - [You must be registered and logged in to see this link.]
DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox 3.5 Beta 4\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Comodo Firewall - c:\program files\Comodo\Firewall\CPF.exe
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-03 09:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"=""c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe" /s "N360" /m "c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-59393]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-593980]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-593981b]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-5939820]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-5939825]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\BasePane-797]
"IsVisible"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\CommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\ControlBars-Summary]
"Bars"=dword:00000000
"ScreenCX"=dword:00000500
"ScreenCY"=dword:00000400

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\ControlBarVersion]
"Major"=dword:00000009
"Minor"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\DockingManager-2]
"DockingPaneAndPaneDividers"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Keyboard-0]
"Accelerators"=hex:0b,00,43,00,22,e1,0b,00,4e,00,00,e1,0b,00,4f,00,01,e1,0b,00,
50,00,07,e1,0f,00,50,00,09,e1,0b,00,52,00,a8,5a,0b,00,53,00,03,e1,0b,00,56,\

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-593980]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,03,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:03,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-593981b]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-5939820]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-5939825]
"Name"="Menu Bar"
"Buttons"=hex:00,20,00,00,01,00,00,00,07,00,ff,ff,01,00,15,00,43,4d,46,43,54,
6f,6f,6c,42,61,72,4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,\
"OriginalItems"=hex:07,00,ff,ff,01,00,15,00,43,4d,46,43,54,6f,6f,6c,42,61,72,
4d,65,6e,75,42,75,74,74,6f,6e,00,00,00,00,00,00,00,00,ff,ff,ff,ff,00,00,00,\

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBar-797]
"Name"=""
"Buttons"=hex:00,10,00,00,01,00,00,00,00,00,00,00,00,00,00,ff,7f,00,00

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\MFCToolBarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000000
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"CommandsUsage"=hex:01,00,00,00,01,00,01,e1,00,00,01,00,00,00

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-59393]
"ID"=dword:00000000
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,8a,02,00,00,b8,03,00,00,a0,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-593980]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,19,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-593981b]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,19,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-5939820]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-5939825]
"ID"=dword:0000e806
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,00,00,00,00,b8,03,00,00,1c,00,00,00
"RecentFrameAlignment"=dword:00002000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\Pane-797]
"ID"=dword:0000031d
"RectRecentFloat"=hex:0a,00,00,00,0a,00,00,00,6e,00,00,00,6e,00,00,00
"RectRecentDocked"=hex:00,00,00,00,60,00,00,00,19,00,00,00,58,02,00,00
"RecentFrameAlignment"=dword:00001000
"RecentRowIndex"=dword:00000000
"IsFloating"=dword:00000000
"MRUWidth"=dword:00007fff
"PinState"=dword:00000000

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\LexisNexis\P*C*L*a*w*"!\BOOKS-1\DCO\WindowPlacement]
"MainWindowRect"=hex:1b,00,00,00,23,00,00,00,db,03,00,00,eb,02,00,00
"Flags"=dword:00000000
"ShowCmd"=dword:00000001

[HKEY_USERS\S-1-5-21-1976711761-373712229-1087412766-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-09-03 09:32:34
ComboFix-quarantined-files.txt 2010-09-03 16:32

Pre-Run: 4,991,963,136 bytes free
Post-Run: 5,050,343,424 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 01740E52CAB3D14BC2B9DEA5E76418A0

dolsson
Novice

Posts : 24
Joined : 2010-08-21
OS : XP pro SP3
Protection : MacAfee VirusScan Enterprise 7.1/Webroot Spysweeper
Points : 23336
# Likes : 0


Re: Possible Malware: Rogue.WinAntiVirus

Post by Belahzur on 3rd September 2010, 11:39 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245079
# Likes : 1


Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 24th September 2010, 6:19 pm

Sorry for the delay on this. I reran ComboFix and then did the command line uninstall as directed. I then ran ESET with this result:

C:\WINDOWS\Downloaded Program Files\WebEx\424\atpdmod.dll probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined

Prior to the ESET scan, I was still having a long wait for Firefox to open--and experiencing some general system slowness--but was not seeing other problems.


Post by Belahzur on 24th September 2010, 9:32 pm

Hello.
How is the machine running now?



Post by dolsson on 25th September 2010, 2:51 am

Looks good. Firefox, which took over 30 seconds to start before, now starts in 2.4 seconds. Now I hope that trojan doesn't come back. My new Norton Security Suite has been quite good so far.

Thank you very much for your help. Any final instructions?


Post by Belahzur on 25th September 2010, 11:58 pm

Hello.
Yes, just this one last thing.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Viewpoint Media Player

Your Firefox is also out of date, so we need to update that.

Please download [You must be registered and logged in to see this link.] and install it. It will install over the version 3.5 that you currently have installed, so you won't lose any bookmarked websites.



Post by dolsson on 28th September 2010, 10:53 pm

Belahzur,
I think I spoke too soon. My browser opened quickly until I rebooted, but upon reboot, it's as slow as ever. Just now, after reboot, I tried to open PClaw, a time-tracking program, and Firefox. When I got nothing for about a minute, I tried IE. Then, having given up, I decided to reboot. Of course, once the shut down started, the browsers tried to open. But they're taking like 2 minutes to open. I ran Task Manager and saw that resources are being eaten up by wuauclt.exe. Google results show that that file may be a Windows update file or may be something more sinister.

I ran ESET again and found nothing. I am now running in Safe Mode and things are working well. But this problem is killing my productivity. I'm sorry that this is not cleared up like I thought, but what else should I do? Maybe we need to start again from scratch?

Please hang in there with me...

David


Post by dolsson on 28th September 2010, 11:18 pm

Update:

I read that wuauclt.exe will legitimately exist in the System32 folder. I searched for wuauclt.exe, found several instances and deleted all but the one in the System32 folder.

I also uninstalled the Viewpoint Media Player and updated Firefox.


Post by Belahzur on 29th September 2010, 11:33 pm

Hello.
You have more than likely deleted backups of the file. OS system files are stored in super hidden folders for a reason, in case the legit one gets damaged.



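Belahzur's point above (spare copies of wuauclt.exe live in the OS's own backup folders) can be checked without deleting anything: inventory every copy, note where it sits, and compare its bytes with the System32 copy. This is an added example, not code from the thread; KNOWN_BACKUP_DIRS lists the usual Windows XP backup locations, and SAMPLE_INVENTORY with its hashes is constructed for illustration.

```python
"""Inventory copies of wuauclt.exe and classify each by location and content.

Added example, not code from the thread. KNOWN_BACKUP_DIRS lists the usual
Windows XP locations for spare system files; SAMPLE_INVENTORY and its hashes
are constructed for illustration, not taken from any real machine.
"""
import hashlib
from pathlib import PureWindowsPath

CANONICAL_PATH = r"C:\WINDOWS\system32\wuauclt.exe"

# Where XP keeps legitimate spare copies of system files: the Windows File
# Protection cache, service-pack sources, and hotfix/service-pack uninstall
# backups. Deleting these removes the OS's ability to repair the live copy.
KNOWN_BACKUP_DIRS = (
    r"C:\WINDOWS\system32\dllcache",
    r"C:\WINDOWS\ServicePackFiles\i386",
    r"C:\WINDOWS\$NtServicePackUninstall$",
    r"C:\WINDOWS\$hf_mig$",
)


def sha256_of_file(path, chunk_size=1 << 16):
    """Hash a file on disk; use this to build a real inventory on a live system."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def in_known_backup_dir(path):
    """True when the file's directory is one of the OS backup locations."""
    parent = str(PureWindowsPath(path).parent).lower()
    return any(parent.startswith(d.lower()) for d in KNOWN_BACKUP_DIRS)


def classify_copy(path, digest, canonical_digest):
    """Verdict for one copy, judged by where it sits and whether its bytes match System32."""
    if path.lower() == CANONICAL_PATH.lower():
        return "canonical"
    same_bytes = digest == canonical_digest
    if in_known_backup_dir(path):
        # A different hash in a backup dir is normally an older build kept for
        # uninstall, so it is a note for the reviewer, not a removal.
        return "backup-copy" if same_bytes else "backup-dir-different-build"
    # Outside the backup dirs, matching bytes are at worst an installer leftover;
    # non-matching bytes under a trusted name are the case that needs a closer look.
    return "identical-copy-outside-backup-dirs" if same_bytes else "review-unexpected-location"


def classify_inventory(entries):
    """entries: iterable of (path, sha256 hex digest). Returns {path: verdict}."""
    digests = dict(entries)
    canonical = next((d for p, d in digests.items() if p.lower() == CANONICAL_PATH.lower()), None)
    if canonical is None:
        raise ValueError("inventory has no System32 copy to compare against")
    return {p: classify_copy(p, d, canonical) for p, d in digests.items()}


# Constructed sample inventory: paths and hashes are made up for illustration.
GOOD, OLD, ODD = "a" * 64, "b" * 64, "c" * 64
SAMPLE_INVENTORY = [
    (CANONICAL_PATH, GOOD),
    (r"C:\WINDOWS\system32\dllcache\wuauclt.exe", GOOD),
    (r"C:\WINDOWS\ServicePackFiles\i386\wuauclt.exe", GOOD),
    (r"C:\WINDOWS\$NtServicePackUninstall$\wuauclt.exe", OLD),
    (r"C:\WINDOWS\Temp\wuauclt.exe", GOOD),
    (r"C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe", ODD),
]

if __name__ == "__main__":
    for path, verdict in classify_inventory(SAMPLE_INVENTORY).items():
        print(f"{verdict:36} {path}")
```

On a live machine, build the inventory with sha256_of_file over the paths a file search returns, then act only on the entries whose verdict starts with "review".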
Post by dolsson on 30th September 2010, 4:30 pm

I understand. The process is still running and using more memory than other processes, but both CPU and RAM are well below full usage. I don't know what's going on, but it seems to mostly be a problem on startup. I spend maybe half an hour getting the machine up and running, but then it performs okay.

I notice that my Webroot Spysweeper is taking a very long time to start; I wonder if there is some kind of conflict between it and the Norton Security Suite that is causing a slowdown on startup? I am thinking of uninstalling the Spysweeper to see if things improve, but I don't really know what I should try. I ran sweeps with both the Webroot and Norton and they found no threats.


Post by Belahzur on 30th September 2010, 11:42 pm

Let's see what we can do about that.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found; copy and paste it back here.



Post by dolsson on 4th October 2010, 4:32 pm

This morning, my PC was running at 100 percent CPU and I could neither get a browser open nor Control Panel. I managed to get Task Manager open and saw that my Idrive process--online backup system--was maxing out the CPU. Once I closed that, the machine ran okay. I checked to see if I had maxed out my Idrive data quota or something, but as far as I can tell, that service is running fine (except that it maxed out my CPU). I don't know if that has been the trouble all along or whether the resource drain is moving around. I think I'll disable Idrive at startup for the time being, reboot and see what happens.

I had been thinking of doing an XP repair installation, but now I'm A) hoping I won't have to and B) afraid it won't fix the problem.

Anyway, here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:23:02 AM, on 10/4/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\IDrive\IDriveE Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TSSchBkpService.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IDrive\IDriveETray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
O2 - BHO: DeskBandHelper Class - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PCLaw Web Timer - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "C:\WINDOWS\stsystra.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [IDriveE Startup] "C:\Program Files\IDrive\IDrvieEStartup.exe" Hide
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O9 - Extra 'Tools' menuitem: PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\plietool.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: PLLiveUpWeb - [You must be registered and logged in to see this link.]
O16 - DPF: PLUpdate - [You must be registered and logged in to see this link.]
O16 - DPF: Web-Based Email Tools - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - [You must be registered and logged in to see this link.]
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} - [You must be registered and logged in to see this link.]
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} - [You must be registered and logged in to see this link.]
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - [You must be registered and logged in to see this link.]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - [You must be registered and logged in to see this link.]
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: IDriveE Service - Pro Softnet Corporation - C:\Program Files\IDrive\IDriveE Service.exe
O23 - Service: IDrivePlugin - Unknown owner - C:\Program Files\IDrive\IDrivePlugin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Security Suite (N360) - Symantec Corporation - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: TimeslipsBackup (TSScheduleBackup) - Unknown owner - C:\WINDOWS\system32\TSSchBkpService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

--
End of file - 14256 bytes


PS: I think there are some HP entries above; I once had an HP printer and, I swear, it's next to impossible to clean out all their drivers and software once they're in your machine....


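The HijackThis log above is a plain line-oriented format: a section code (O2, O4, O23, ...), then fields separated by " - ". Below is an added example, not part of the thread or of HijackThis itself, that parses such lines into records and applies two review rules a helper would apply by eye: autostart binaries outside the Windows and Program Files trees, and services whose binary carries no vendor metadata. The sample lines are copied from the posted log, except the [Updater] line, which is constructed.

```python
"""Parse HijackThis 2.x log lines into records and apply two review rules.

Added example, not part of the thread or of HijackThis. The sample lines are
copied from the log posted above, except the [Updater] line, which is
constructed to show what the autostart rule catches.
"""
import re
from collections import Counter

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^(?:Global )?Startup: (?P<name>.*?) = (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
EXE_RE = re.compile(r'"([^"]+)"|(\S+\.exe)', re.I)

# Autostart binaries are expected under these roots on a default XP install;
# anything else (user profile, Temp, root of C:) is worth a second look.
TRUSTED_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1")


def exe_path(cmd):
    """First quoted token, or first bare token ending in .exe, of a Run value."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else None


def parse_hjt(text):
    """Return a list of dicts: code, name, path, owner (O23 only), clsid (O2/O3/O9)."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        code, body = m.group("code"), m.group("body")
        e = {"code": code, "name": None, "path": None, "owner": None, "clsid": None}
        if code == "O4":
            r = RUN_RE.match(body)
            s = STARTUP_RE.match(body)
            if r:
                e["name"], e["path"] = r.group("name"), exe_path(r.group("cmd"))
            elif s:
                e["name"], e["path"] = s.group("name"), s.group("path")
        elif code == "O23":
            s = SVC_RE.match(body)
            if s:
                e.update(name=s.group("name"), owner=s.group("owner"), path=s.group("path"))
        elif code in ("O2", "O3", "O9"):
            # Names may themselves contain " - ", so split around the CLSID instead.
            c = CLSID_RE.search(body)
            if c:
                e["clsid"] = c.group(0)
                e["name"] = body[:c.start()].split(": ", 1)[-1].rstrip(" -")
                e["path"] = body[c.end():].lstrip(" -")
        entries.append(e)
    return entries


def review(entries):
    """Findings as (code, name, reason). A finding means 'verify the file', not 'remove it'."""
    findings = []
    for e in entries:
        path = (e["path"] or "").lower()
        if e["code"] == "O4" and path and not path.startswith(TRUSTED_ROOTS):
            findings.append((e["code"], e["name"], "autostart outside Windows/Program Files"))
        if e["code"] == "O23" and e["owner"] == "Unknown owner":
            # Legitimate software ships without version info too (several entries
            # in the log above), so this only asks for the binary to be checked.
            findings.append((e["code"], e["name"], "service binary has no vendor metadata"))
    return findings


def section_counts(entries):
    """How many lines of each section code the log contained."""
    return Counter(e["code"] for e in entries)


# Sample lines copied from the log posted above, plus one constructed entry
# ([Updater], in a user Temp folder) to show what the autostart rule flags.
SAMPLE_LOG = r"""
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - HKCU\..\Run: [Updater] "C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe" /s
O23 - Service: IDrivePlugin - Unknown owner - C:\Program Files\IDrive\IDrivePlugin.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

if __name__ == "__main__":
    parsed = parse_hjt(SAMPLE_LOG)
    print(dict(section_counts(parsed)))
    for code, name, reason in review(parsed):
        print(f"{code:4} {name:20} {reason}")
```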
Post by Belahzur on 4th October 2010, 11:09 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.



Post by dolsson on 5th October 2010, 4:16 pm

OTL logfile created on: 10/5/2010 9:03:24 AM - Run 2
OTL by OldTimer - Version 3.2.14.1 Folder = N:\app install files
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 373.00 Mb Available Physical Memory | 39.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): c:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 46.04 Gb Total Space | 13.44 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 577.14 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive N: | 687.33 Gb Total Space | 472.08 Gb Free Space | 68.68% Space Free | Partition Type: NTFS
Drive O: | 38.74 Gb Total Space | 15.27 Gb Free Space | 39.42% Space Free | Partition Type: NTFS

Computer Name: [deleted by me]
Current User Name: [deleted by me]
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/05 08:50:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- N:\app install files\OTL.exe
PRC - [2010/03/23 13:57:45 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
PRC - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/12/31 10:32:00 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2009/11/12 04:49:16 | 000,361,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/11/12 04:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/11/06 15:19:58 | 006,515,784 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2009/11/06 12:00:22 | 000,165,232 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] -- C:\Program Files\Webroot\Spy Sweeper\SSU.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2008/05/27 08:23:17 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 11:02:36 | 000,153,040 | ---- | M] () -- C:\Program Files\IDrive\IDrivePlugin.exe
PRC - [2008/03/28 12:10:44 | 000,579,024 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveEClsClient.exe
PRC - [2008/03/27 11:42:26 | 001,566,160 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveETray.exe
PRC - [2008/03/27 10:31:12 | 000,079,312 | ---- | M] (Pro Softnet Corp.) -- C:\Program Files\IDrive\IDriveEReg2ini.exe
PRC - [2008/03/26 16:56:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDrive\IDriveE Service.exe
PRC - [2007/11/29 16:50:50 | 000,050,744 | ---- | M] ( Pro Softnet Corporation) -- C:\Program Files\IDrive\ClsIdle.exe
PRC - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/02/28 16:45:22 | 000,507,904 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/01/29 21:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2006/08/15 07:38:14 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/07/16 19:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/05/03 03:12:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () -- C:\WINDOWS\system32\TSSchBkpService.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 08:50:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- N:\app install files\OTL.exe
MOD - [2010/05/13 22:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\asoehook.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/04/13 17:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/13 17:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/13 17:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 17:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/13 17:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/13 17:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/13 17:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/23 13:57:45 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/02/25 17:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/12/31 10:32:00 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2009/11/12 04:49:10 | 000,660,664 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/04/09 11:02:36 | 000,153,040 | ---- | M] () [Auto | Running] -- C:\Program Files\IDrive\IDrivePlugin.exe -- (IDrivePlugin)
SRV - [2008/03/26 16:56:42 | 000,136,656 | ---- | M] (Pro Softnet Corporation) [Auto | Running] -- C:\Program Files\IDrive\IDriveE Service.exe -- (IDriveE Service)
SRV - [2007/12/12 22:03:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/02/02 16:42:50 | 000,705,024 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TSSchBkpService.exe -- (TSScheduleBackup)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\f6cB5.sys -- (f6cB5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DarkSpyKernel.sys -- (DarkSpy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\DAVIDO~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/09/28 17:18:11 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101004.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/09/28 17:18:11 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20101004.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/08/31 15:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100901.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/08/23 16:53:54 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/08/23 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/08/23 01:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/06/16 18:54:13 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100930.005\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/05 21:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/04/28 22:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 20:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 19:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\N360\0402000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 19:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 17:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\ccHPx86.sys -- (ccHP)
DRV - [2009/12/31 10:32:04 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2009/12/31 10:31:50 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2009/12/31 10:31:46 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/31 10:31:17 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. ([You must be registered and logged in to see this link.] [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/14 20:50:05 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0402000.00C\SYMDS.SYS -- (SymDS)
DRV - [2008/08/18 15:54:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/04/13 11:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 11:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc ([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2006/12/12 07:43:18 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/10/22 13:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/09/03 09:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/08/15 07:38:14 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/14 11:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/06/19 02:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2004/10/14 20:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2004/09/10 07:00:00 | 000,084,064 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2004/08/04 03:00:00 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2004/08/04 03:00:00 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2004/08/04 03:00:00 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2004/08/04 03:00:00 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2004/08/04 03:00:00 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2004/08/04 03:00:00 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2004/08/04 03:00:00 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2004/08/04 03:00:00 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2004/08/04 03:00:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2004/08/04 03:00:00 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2004/08/04 03:00:00 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2004/08/04 03:00:00 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2004/08/04 03:00:00 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2004/08/04 03:00:00 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2004/08/04 03:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2004/06/09 07:29:56 | 000,006,977 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DDMI2.sys -- (SDDMI2)
DRV - [2002/08/14 16:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/webhp?rls=ig"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:2.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.034

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/08/24 18:50:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/08/23 16:55:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2010/09/28 16:07:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2010/09/28 16:07:27 | 000,000,000 | ---D | M]

[2009/06/12 12:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Extensions
[2010/10/04 09:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions
[2010/04/12 09:16:52 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010/04/27 11:12:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/24 14:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\es-MX@dictionaries.addons.mozilla.org
[2010/09/30 10:34:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\firefox@red-cog.com
[2010/09/30 10:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Olsson\Application Data\Mozilla\Firefox\Profiles\75x2moca.default\extensions\unplug@compunach

O1 HOSTS File: ([2010/09/28 17:14:05 | 000,000,794 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O1 - Hosts: 192.168.0.66 HP000D9D23724F
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (DeskBandHelper Class) - {9E0B5480-4FF0-4FEE-818B-D4DB0F220D64} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (PCLaw Web Timer) - {0E1230F8-EA50-42A9-983C-D22ABC2EED4B} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\system32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\system32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [IDriveE Startup] C:\Program Files\IDrive\IDrvieEStartup.exe (Pro Softnet Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe File not found
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\IDrive Tray.lnk = C:\Program Files\IDrive\IDriveEReg2ini.exe (Pro Softnet Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Webpage Capture - {1F958B09-6612-7a0e-9223-4C7324C57B23} - C:\Program Files\Webpage Capture\Webpage Capture.exe (Endicosoft.com)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer Help - {91d9cee5-3906-40f7-b51a-9b013b59c826} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : PCLaw Web Timer - {9d2169e0-0775-4080-9b4e-90fce9945b4a} - C:\Program Files\LexisNexis\PClaw\PLIETool.dll (LexisNexis®, a division of Reed Elsevier Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: valic.com ([www3] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} [You must be registered and logged in to see this link.] (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [You must be registered and logged in to see this link.] (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: PLLiveUpWeb [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: PLUpdate [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\David Olsson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David Olsson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 15:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 13:29:12 | 001,070,488 | R--- | M] (Microsoft Corporation) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/04 10:38:36 | 000,000,167 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (a) - File not found
O34 - HKLM BootExecute: (u) - File not found
O34 - HKLM BootExecute: (t) - File not found
O34 - HKLM BootExecute: (o) - File not found
O34 - HKLM BootExecute: (c) - File not found
O34 - HKLM BootExecute: (h) - File not found
O34 - HKLM BootExecute: (k) - File not found
O34 - HKLM BootExecute: (*) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/04 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\Desktop\mrmilos-hotkey-guide-t107_files
[2010/09/30 10:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\Chief Architect Premier X3 Trial Version Data
[2010/09/30 10:32:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Chief Architect Premier X3 Trial Version
[2010/09/30 10:32:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\Application Data\Chief Architect Premier X3 Trial Version
[2010/09/30 10:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Chief Architect
[2010/09/30 09:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\Chief Achitect Premier Trial Version
[2010/09/26 06:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/24 16:49:12 | 000,767,752 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\David Olsson\Desktop\AutoDetectPkg.exe
[2010/09/23 16:43:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/23 16:42:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/11 17:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls doors windows_archive
[2010/09/11 17:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls plain_archive
[2010/09/10 21:05:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David Olsson\My Documents\dapple way_archive
[2010/09/10 20:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2010/09/10 20:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2010/09/10 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Chief Architect 10
[2007/04/11 18:42:01 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/05 08:57:23 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/10/05 08:57:09 | 000,013,722 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 08:55:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/05 08:55:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 08:55:00 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 08:53:27 | 008,650,752 | ---- | M] () -- C:\Documents and Settings\David Olsson\ntuser.dat
[2010/10/05 08:53:27 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\David Olsson\ntuser.ini
[2010/10/05 08:51:43 | 000,000,783 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/10/05 08:51:43 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/05 08:51:43 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/10/04 17:26:40 | 000,000,467 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2010/10/04 17:25:30 | 000,028,713 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\mrmilos-hotkey-guide-t107.htm
[2010/10/04 10:25:46 | 000,002,654 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\NewMeetingRequestFromEmail.bas
[2010/10/04 10:23:41 | 000,086,980 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\adding-a-vba-macro-to-outlook.aspx
[2010/10/04 09:22:28 | 000,001,998 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\HiJackThis.lnk
[2010/10/02 17:43:59 | 000,001,805 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010/10/01 15:34:01 | 000,193,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/30 20:43:45 | 000,000,247 | ---- | M] () -- C:\WINDOWS\PLREMOTE.INI
[2010/09/30 14:16:59 | 000,038,720 | ---- | M] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/30 10:26:52 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Chief Architect Premier X3 Trial Version.lnk
[2010/09/28 17:14:05 | 000,000,794 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/09/28 16:32:13 | 000,487,232 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\cc_20100928_163203.reg
[2010/09/27 13:12:34 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\esetsmartinstaller_enu.exe
[2010/09/26 19:33:20 | 000,001,798 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Age of Empires III.lnk
[2010/09/26 16:26:28 | 000,006,460 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\sp_Seville_homecity.xml
[2010/09/24 16:49:14 | 000,767,752 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\David Olsson\Desktop\AutoDetectPkg.exe
[2010/09/20 14:39:27 | 000,721,609 | -H-- | M] () -- C:\Documents and Settings\David Olsson\My Documents\PP11Thumbs.ptn
[2010/09/20 14:39:27 | 000,000,900 | -H-- | M] () -- C:\Documents and Settings\David Olsson\My Documents\PP11Thumbs.ptn2
[2010/09/20 14:39:11 | 000,064,103 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\Sternwheeler_Scan.pdf
[2010/09/20 14:38:16 | 000,020,934 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\Document.pdf
[2010/09/16 15:18:37 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/16 15:18:32 | 000,515,884 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/16 15:18:32 | 000,094,922 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/16 15:18:30 | 000,619,098 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/16 08:30:36 | 1005,080,576 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/09/15 03:11:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/14 20:38:12 | 000,003,064 | -H-- | M] () -- C:\Documents and Settings\David Olsson\My Documents\maxdesk.ini2
[2010/09/14 20:34:49 | 000,029,933 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\Sternwheeler Contract.pdf
[2010/09/13 18:04:05 | 000,087,040 | ---- | M] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/13 12:31:15 | 000,006,035 | ---- | M] () -- C:\Documents and Settings\David Olsson\Application Data\PrimoPDFSet.xml
[2010/09/11 20:08:20 | 000,861,033 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls doors windows.plan
[2010/09/11 17:43:03 | 000,003,023 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls doors windows_p.jpg
[2010/09/11 17:28:03 | 000,842,943 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls plain.plan
[2010/09/11 17:15:55 | 000,003,203 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls plain_p.jpg
[2010/09/11 17:15:24 | 000,840,562 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way.plan
[2010/09/10 21:05:45 | 000,001,435 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way_p.jpg
[2010/09/10 20:26:27 | 013,457,696 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\10full08a_h.exe
[2010/09/09 21:11:15 | 009,514,320 | ---- | M] () -- C:\Documents and Settings\David Olsson\My Documents\deleteme-1.pdf
[2010/09/09 17:14:49 | 001,346,828 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Map of 3240 Dapple Way Eugene, Oregon by MapQuest_1284076950192 copy.tif
[2010/09/09 17:02:35 | 001,812,796 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\Map of 3240 Dapple Way Eugene, Oregon by MapQuest_1284076950192.png
[2010/09/09 16:27:18 | 000,002,880 | ---- | M] () -- C:\Documents and Settings\David Olsson\Desktop\deleteme-1.pdf
[2010/09/08 08:38:57 | 000,015,354 | ---- | M] () -- C:\Quicken_2010_Rental_Property_Manager.torrent
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 08:51:42 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\Comcast Universal Caller ID.lnk
[2010/10/05 08:51:41 | 000,001,582 | ---- | C] () -- C:\Documents and Settings\David Olsson\Start Menu\Programs\Startup\IDrive Tray.lnk
[2010/10/04 17:25:27 | 000,028,713 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\mrmilos-hotkey-guide-t107.htm
[2010/10/04 10:25:46 | 000,002,654 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\NewMeetingRequestFromEmail.bas
[2010/10/04 10:23:39 | 000,086,980 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\adding-a-vba-macro-to-outlook.aspx
[2010/10/04 09:22:28 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\HiJackThis.lnk
[2010/10/02 17:43:59 | 000,001,805 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Age of Empires III - The Asian Dynasties.lnk
[2010/09/30 10:26:51 | 000,002,158 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Chief Architect Premier X3 Trial Version.lnk
[2010/09/28 17:06:43 | 1005,047,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/28 16:32:06 | 000,487,232 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\cc_20100928_163203.reg
[2010/09/27 13:12:21 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\esetsmartinstaller_enu.exe
[2010/09/26 19:33:19 | 000,001,798 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Age of Empires III.lnk
[2010/09/26 19:06:30 | 000,006,460 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\sp_Seville_homecity.xml
[2010/09/20 14:39:10 | 000,064,103 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\Sternwheeler_Scan.pdf
[2010/09/20 14:37:40 | 000,020,934 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\Document.pdf
[2010/09/14 20:34:48 | 000,029,933 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\Sternwheeler Contract.pdf
[2010/09/11 17:43:03 | 000,861,033 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls doors windows.plan
[2010/09/11 17:43:03 | 000,003,023 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls doors windows_p.jpg
[2010/09/11 17:15:55 | 000,842,943 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls plain.plan
[2010/09/11 17:15:55 | 000,003,203 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way walls plain_p.jpg
[2010/09/10 21:05:45 | 000,840,562 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way.plan
[2010/09/10 21:05:45 | 000,001,435 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\dapple way_p.jpg
[2010/09/10 20:26:10 | 013,457,696 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\10full08a_h.exe
[2010/09/09 20:55:27 | 009,514,320 | ---- | C] () -- C:\Documents and Settings\David Olsson\My Documents\deleteme-1.pdf
[2010/09/09 17:14:45 | 001,346,828 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Map of 3240 Dapple Way Eugene, Oregon by MapQuest_1284076950192 copy.tif
[2010/09/09 17:02:34 | 001,812,796 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\Map of 3240 Dapple Way Eugene, Oregon by MapQuest_1284076950192.png
[2010/09/09 16:27:17 | 000,002,880 | ---- | C] () -- C:\Documents and Settings\David Olsson\Desktop\deleteme-1.pdf
[2010/09/08 08:38:55 | 000,015,354 | ---- | C] () -- C:\Quicken_2010_Rental_Property_Manager.torrent
[2010/08/31 16:27:19 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/05/14 10:55:29 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\housecall.guid.cache
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\WINDOWS\System32\wrLZMA.dll
[2009/09/06 14:27:57 | 000,025,842 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).ADR
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/20 16:26:42 | 000,000,467 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/05/20 16:26:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/05/20 16:25:58 | 000,000,395 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009/05/20 16:25:58 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009/05/20 16:21:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2009/05/20 16:21:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2009/05/20 16:21:14 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2009/05/20 16:21:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2009/05/20 16:12:01 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/04/02 07:47:00 | 000,022,300 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (DOS).ADR
[2009/04/02 07:43:37 | 000,022,304 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Tab Separated Values (Windows).ADR
[2009/04/01 09:47:49 | 000,683,801 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.exe
[2009/04/01 09:47:49 | 000,011,615 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\unins000.dat
[2008/05/30 10:55:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\the.ini
[2008/04/21 12:49:06 | 000,006,035 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\PrimoPDFSet.xml
[2008/04/21 12:49:06 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\APUSet.xml
[2008/04/15 14:17:56 | 000,000,611 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2008/01/25 13:32:39 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2008/01/09 16:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/12 22:15:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2007/10/12 10:30:29 | 000,009,368 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\Comma Separated Values (Windows).EML
[2007/10/07 13:19:36 | 000,034,368 | ---- | C] () -- C:\Program Files\MCj04244600000[1].wmf
[2007/10/07 13:17:47 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007/09/13 17:14:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2007/09/13 17:11:18 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/09/13 17:11:17 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/06/28 15:39:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/04/19 13:17:44 | 000,000,145 | ---- | C] () -- C:\WINDOWS\PLACE32.INI
[2007/04/16 20:06:21 | 000,000,247 | ---- | C] () -- C:\WINDOWS\PLREMOTE.INI
[2007/04/13 12:07:03 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/11 18:42:25 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\ExportModeller.dll
[2007/04/11 18:42:16 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\crtslv.dll
[2007/04/11 18:42:15 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\u25store.dll
[2007/04/11 18:42:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\xhbcommdll.dll
[2007/04/11 18:41:59 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2007/04/11 18:41:59 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\gteinet.dll
[2007/04/11 18:41:58 | 001,283,072 | ---- | C] () -- C:\WINDOWS\System32\AbacusDB.dll
[2007/04/11 18:41:58 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\crheapalloc.dll
[2007/04/10 09:34:25 | 000,005,299 | ---- | C] () -- C:\WINDOWS\STI.INI
[2007/04/10 09:25:54 | 000,139,776 | ---- | C] () -- C:\WINDOWS\System32\UserEdit.dll
[2007/04/06 11:28:32 | 000,000,577 | ---- | C] () -- C:\WINDOWS\TIMESLIP.INI
[2007/04/06 11:28:13 | 000,244,984 | ---- | C] () -- C:\WINDOWS\System32\tutil32.dll
[2007/04/04 21:16:58 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\regd4e27win83.dll
[2007/01/23 12:58:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007/01/12 18:41:47 | 000,010,536 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/01/05 14:39:28 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/26 11:43:54 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/06 15:49:36 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/10/07 07:32:32 | 000,001,401 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/10/06 18:42:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/10/06 18:42:07 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/10/06 18:27:26 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/10/06 18:27:26 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\D2178F15B2.sys
[2006/10/06 18:26:47 | 000,016,159 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/10/04 16:08:46 | 000,004,096 | ---- | C] () -- C:\Documents and Settings\David Olsson\Application Data\dvd.bmk
[2006/10/04 16:02:54 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\David Olsson\Local Settings\Application Data\fusioncache.dat
[2006/09/21 19:47:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/21 19:40:42 | 000,004,173 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/21 19:33:50 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/21 19:10:04 | 000,000,302 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 06:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 15:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 15:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/06/12 12:00:56 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2003/01/07 13:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/11/29 09:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
< End of report >


There does not seem to be an "extras" report. I searched all of C: and could not find one. Maybe I did something wrong?

dolsson
Novice

Posts : 24
Joined : 2010-08-21
OS : XP pro SP3
Protection : McAfee VirusScan Enterprise 7.1/Webroot Spysweeper
Points : 23336
# Likes : 0

Re: Possible Malware: Rogue.WinAntiVirus

Post by dolsson on 5th October 2010, 4:34 pm

I moved OTL to the desktop, which I had not done the first time, reran it and still did not get an extras file. I'm guessing: A. There are no "extras." or B. I did something wrong. Please let me know if I need to change something and run it again.

Thanks.
