
Generic Rootkit Trojan, autorun.inf recurring infections,

#1 Liquesence (New Member, 7 posts)

Have read the malware guide, and followed the instructions.

Downloaded something, which turned out to be a trojan. I found out about this when I did a search on Google, and nothing was found. I tried several searches, such as "ham", and it came back saying there is nothing on the web about "ham", so I knew something was up. I tried to access F: and C: through "My Computer", and access was denied, with the error message "Windows cannot find recycler\s-9-3-18...." Eventually downloaded and ran a program (I can't recall which one it was; it might have been NTREGOPT) which fixed the problem of being unable to access C:.

Ran McAfee. McAfee found three things: a generic rootkit trojan (ntoskrnl-hook), a C:\autorun.inf trojan and an F:\autorun.inf trojan. McAfee said that the rootkit trojan was fixed, and that the other two were quarantined. But the problem was not fixed.

The same things as above kept happening over and over. Decided to scan with AVG Free, and it found nothing. Got the internet working, and was able to download Avast. The scan found C:\autorun and F:\autorun infections, but it could not clean them, nor could it repair them. Ran McAfee again; it found the generic rootkit trojan, which it said it had cleaned before, but it did not find the autorun trojans.

Now I am having malware redirecting my browser whenever I click on stuff, and I am not able to do searches.

Again, I have gone through the malware cleaning guide as mentioned on this site, and I still have the infection.

I was able to download Malwarebytes, but it will not open/execute, so I can't use it.

I am not able to update Windows.

Most everything else works; I am just having trouble with the internet/searches/browser redirect. Also, certain programs simply will not open (Spybot S&D, Mozilla).

OTList.txt

OTListIt logfile created on: 3/16/2009 3:47:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\DAVAwter\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 100.09 Mb Available Physical Memory | 19.62% Memory free
1.22 Gb Paging File | 0.42 Gb Available in Paging File | 34.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 58.79 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Drive D: | 7.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 824.43 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LJN661
Current User Name: DAVAwter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\svcnost.exe (Microsoft Corporation)
PRC - C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - c:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\AVG\AVG8\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Documents and Settings\DAVAwter\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (avg8emc [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrv [Auto | Running]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (InCDsrvR [Auto | Stopped]) -- C:\Program Files\Ahead\InCD\InCDsrv.exe (Nero AG)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KodakCCS [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (MBackMonitor [On_Demand | Stopped]) -- C:\Program Files\McAfee\MBK\MBackMonitor.exe (McAfee)
SRV - (McAfee SiteAdvisor Service [Auto | Running]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Running]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Running]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Running]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Running]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service [Auto | Running]) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (AvgLdx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\system32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\system32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (InCDfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Nero AG)
DRV - (InCDPass [System | Running]) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys (Nero AG)
DRV - (incdrm [System | Running]) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Nero AG)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (mfeavfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (MPFP [System | Running]) -- C:\WINDOWS\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (wsvad_driver [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\VirtualAudio.sys (Wondershare)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://search.orbitd...downloader.com"
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {d51d388b-f5dc-471a-a1ce-5e2d671091c0}:1.5.46.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.7.2.6
FF - prefs.js..extensions.enabledItems: {47d1d620-5e5b-11da-8cd6-0800200c9a66}:2.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.0.5
FF - prefs.js..extensions.enabledItems: {66871bd1-5ba2-4739-b485-2a15f5969bd8}:2.081108
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\COMPONENTS [2009/03/06 20:39:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\PLUGINS [2009/03/06 20:39:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/02/12 10:23:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/15 10:22:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/15 10:22:31 | 00,000,000 | ---D | M]

[2008/09/03 13:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Extensions
[2008/09/03 13:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/15 14:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions
[2008/09/26 15:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{47d1d620-5e5b-11da-8cd6-0800200c9a66}
[2009/02/19 11:43:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/11/22 13:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2008/09/30 13:57:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{66871bd1-5ba2-4739-b485-2a15f5969bd8}
[2009/01/15 13:33:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/03/15 14:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}
[2008/12/31 23:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2009/03/15 14:41:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DAVAwter\Application Data\mozilla\Firefox\Profiles\gnkm7vdo.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/09/03 13:25:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/15 10:22:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/15 10:22:20 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/15 10:22:20 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 12:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 12:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 12:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/26 16:38:03 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 12:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 12:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 12:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302504 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10429 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HelpCenter4.1] C:\Program Files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe /P HelpCenter4.1 File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto (Microsoft Corporation)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1220117172203 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.91,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{7A87307E-C6BF-49D5-B007-E1D971177037}\\NameServer = 85.255.112.91,85.255.112.85
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (C:\WINDOWS\system32\svcnost.exe) - C:\WINDOWS\system32\svcnost.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\system32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/16 15:46:29 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\DAVAwter\Desktop\OTListIt2.exe
[2009/03/16 15:41:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/16 15:40:09 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\Rooter.exe
[2009/03/16 10:48:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/16 10:47:46 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\NTREGOPT.lnk
[2009/03/16 10:47:46 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\ERUNT.lnk
[2009/03/16 10:47:44 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/16 10:46:04 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\DAVAwter\Desktop\erunt_setup.exe
[2009/03/16 10:42:50 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\Desktop\SysRestorePoint_v13
[2009/03/16 10:16:09 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\HijackThis.lnk
[2009/03/16 10:16:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/15 22:13:14 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/03/15 22:13:12 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/03/15 22:13:12 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/03/15 22:13:11 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/03/15 22:13:09 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/03/15 22:13:06 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/03/15 22:13:06 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/03/15 22:13:05 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/03/15 22:13:05 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/03/15 22:12:37 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/03/15 22:12:37 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/03/15 22:12:33 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/03/15 22:05:53 | 31,262,848 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\setupeng.exe
[2009/03/15 18:03:02 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/15 18:03:02 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/15 18:03:00 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/15 18:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/15 18:02:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/15 13:53:23 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\svcnost.exe
[2009/03/15 13:26:39 | 00,020,608 | ---- | C] (Wondershare) -- C:\WINDOWS\System32\drivers\VirtualAudio.sys
[2009/03/15 12:32:01 | 00,000,000 | ---D | C] -- C:\Program Files\GSpot
[2009/03/15 12:30:59 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\Desktop\Misc Progs
[2009/03/14 20:20:00 | 04,153,472 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\07_Badfinger_-_Suitcase_(Straight_Up) (1).mp3
[2009/03/14 17:19:15 | 02,109,656 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\03_Badfinger_-_Money_(Straight_Up) (1).mp3
[2009/03/14 17:18:32 | 00,923,824 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\02_Badfinger_-_Baby_Blue_(Straight_Up) (1).mp3
[2009/03/14 17:12:43 | 05,171,328 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\18_Badfinger_-_Baby_Blue_(Straight_Up).mp3
[2009/03/14 17:12:30 | 05,988,648 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\17_Badfinger_-_Perfection_(Straight_Up).mp3
[2009/03/14 17:11:42 | 04,814,976 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\16_Badfinger_-_Suitcase_(Straight_Up).mp3
[2009/03/14 17:11:32 | 06,412,416 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\15_Badfinger_-_Name_Of_The_Game_(Straight_Up).mp3
[2009/03/14 17:11:18 | 03,502,208 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\14_Badfinger_-_Flying_(Straight_Up).mp3
[2009/03/14 17:10:37 | 06,260,864 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\13_Badfinger_-_Money_(Straight_Up).mp3
[2009/03/14 17:10:07 | 05,138,560 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\12_Badfinger_-_It's_Over_(Straight_Up).mp3
[2009/03/14 17:09:32 | 07,389,312 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\11_Badfinger_-_Perfection_(Straight_Up).mp3
[2009/03/14 17:09:25 | 04,239,488 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\10_Badfinger_-_Sometimes_(Straight_Up).mp3
[2009/03/14 17:08:16 | 04,558,976 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\09_Badfinger_-_Day_After_Day_(Straight_Up).mp3
[2009/03/14 17:04:59 | 03,639,424 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\08_Badfinger_-_Sweet_Tuesday_Morning_(Straight_Up).mp3
[2009/03/14 17:04:58 | 07,671,936 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\06_Badfinger_-_Name_Of_The_Game_(Straight_Up).mp3
[2009/03/14 17:04:56 | 00,712,336 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\07_Badfinger_-_Suitcase_(Straight_Up).mp3
[2009/03/14 17:04:53 | 03,688,576 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\05_Badfinger_-_I'd_Die_Babe_(Straight_Up).mp3
[2009/03/14 17:04:50 | 03,803,264 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\04_Badfinger_-_Flying_(Straight_Up).mp3
[2009/03/14 17:04:44 | 00,906,368 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\03_Badfinger_-_Money_(Straight_Up).mp3
[2009/03/14 17:04:36 | 01,045,376 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\02_Badfinger_-_Baby_Blue_(Straight_Up).mp3
[2009/03/14 17:03:57 | 01,261,128 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up) (2).mp3
[2009/03/14 17:03:39 | 00,301,496 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up) (1).mp3
[2009/03/14 17:03:20 | 00,301,496 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up).mp3
[2009/03/14 12:34:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAVAwter\Application Data\NCH Software
[2009/03/14 12:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/03/14 12:27:49 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/03/14 12:25:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/03/14 12:25:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2009/03/14 12:23:37 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Swift Sound
[2009/03/14 12:14:38 | 00,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2009/03/11 10:32:29 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Opera.lnk
[2009/03/10 11:39:32 | 41,062,389 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\Nightmare At Elm Manor [Horror Nudie Cutie Short].rar
[2009/03/06 20:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAVAwter\Local Settings\Application Data\eMusic
[2009/03/06 20:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAVAwter\Application Data\eMusic
[2009/03/06 20:39:16 | 00,000,000 | --SD | C] -- C:\DOCUME~1\DAVAwter\Desktop\My eMusic
[2009/03/06 20:38:52 | 00,000,000 | ---D | C] -- C:\Program Files\eMusic Download Manager
[2009/03/04 13:11:34 | 05,825,446 | ---- | C] () -- C:\DOCUME~1\DAVAwter\My Documents\W Film guide.pdf
[2009/03/03 15:05:53 | 00,067,990 | ---- | C] () -- C:\WINDOWS\UNNVEContent.cfg
[2009/03/03 13:29:50 | 00,030,734 | ---- | C] () -- C:\DOCUME~1\DAVAwter\Desktop\deep red subs.zip
[2009/03/02 21:04:33 | 00,000,000 | ---D | C] -- C:\Program Files\Nero
[2009/03/01 16:30:14 | 04,108,019 | ---- | C] () -- C:\EasyShare.dmp
[2009/03/01 16:27:39 | 00,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.DAVAwter.ini
[2009/03/01 12:28:16 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\NeroVision
[2009/03/01 12:22:13 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\CyberLink
[2009/03/01 12:18:25 | 19,333,112 | ---- | C] (DivX, Inc.) -- C:\DOCUME~1\DAVAwter\Desktop\DivXInstaller.exe
[2009/02/28 18:34:26 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\eMule Downloads
[2009/02/28 18:34:20 | 00,000,722 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\eMule.lnk
[2009/02/28 18:34:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAVAwter\Application Data\eMule
[2009/02/28 18:33:44 | 00,000,000 | ---D | C] -- C:\Program Files\eMule
[2009/02/27 18:06:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\Azureus Downloads
[2009/02/27 17:32:25 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\My eBooks
[2009/02/26 19:06:48 | 00,000,000 | ---D | C] -- C:\DOCUME~1\DAVAwter\My Documents\dvd
[2009/02/26 10:25:14 | 00,000,000 | ---D | C] -- C:\downloads
[2009/02/15 12:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DAVAwter\Local Settings\Application Data\Yahoo
[2009/02/15 12:17:09 | 00,000,812 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/16 15:46:32 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\DAVAwter\Desktop\OTListIt2.exe
[2009/03/16 15:40:09 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\Rooter.exe
[2009/03/16 15:38:17 | 00,000,611 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/03/16 15:38:17 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/03/16 15:38:17 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/03/16 11:47:22 | 00,024,407 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2009/03/16 11:43:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/16 11:43:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/03/16 10:51:13 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/16 10:47:46 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\NTREGOPT.lnk
[2009/03/16 10:47:46 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\ERUNT.lnk
[2009/03/16 10:46:09 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\DAVAwter\Desktop\erunt_setup.exe
[2009/03/16 10:16:09 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\HijackThis.lnk
[2009/03/15 22:13:14 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/03/15 22:13:06 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/03/15 22:11:31 | 31,262,848 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\setupeng.exe
[2009/03/15 18:00:24 | 00,000,363 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2009/03/15 13:53:23 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svcnost.exe
[2009/03/15 01:21:35 | 00,000,346 | ---- | M] () -- C:\WINDOWS\tasks\McDefragTask.job
[2009/03/14 20:57:33 | 01,143,808 | R--- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\ESBK.mbb
[2009/03/14 20:57:33 | 00,852,992 | R--- | M] () -- C:\DOCUME~1\ALLUSE~1\Documents\ESBK.mb
[2009/03/14 20:49:06 | 00,002,137 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\iTunes.lnk
[2009/03/14 20:33:28 | 05,988,648 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\17_Badfinger_-_Perfection_(Straight_Up).mp3
[2009/03/14 20:31:03 | 04,814,976 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\16_Badfinger_-_Suitcase_(Straight_Up).mp3
[2009/03/14 20:30:08 | 05,171,328 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\18_Badfinger_-_Baby_Blue_(Straight_Up).mp3
[2009/03/14 20:28:31 | 06,412,416 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\15_Badfinger_-_Name_Of_The_Game_(Straight_Up).mp3
[2009/03/14 20:26:43 | 04,153,472 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\07_Badfinger_-_Suitcase_(Straight_Up) (1).mp3
[2009/03/14 20:21:15 | 03,502,208 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\14_Badfinger_-_Flying_(Straight_Up).mp3
[2009/03/14 20:20:54 | 04,558,976 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\09_Badfinger_-_Day_After_Day_(Straight_Up).mp3
[2009/03/14 20:20:09 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/14 20:14:43 | 07,389,312 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\11_Badfinger_-_Perfection_(Straight_Up).mp3
[2009/03/14 20:13:48 | 06,260,864 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\13_Badfinger_-_Money_(Straight_Up).mp3
[2009/03/14 20:13:33 | 07,671,936 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\06_Badfinger_-_Name_Of_The_Game_(Straight_Up).mp3
[2009/03/14 20:13:29 | 05,138,560 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\12_Badfinger_-_It's_Over_(Straight_Up).mp3
[2009/03/14 20:04:07 | 03,639,424 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\08_Badfinger_-_Sweet_Tuesday_Morning_(Straight_Up).mp3
[2009/03/14 20:02:57 | 03,803,264 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\04_Badfinger_-_Flying_(Straight_Up).mp3
[2009/03/14 20:02:37 | 03,688,576 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\05_Badfinger_-_I'd_Die_Babe_(Straight_Up).mp3
[2009/03/14 19:59:33 | 04,239,488 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\10_Badfinger_-_Sometimes_(Straight_Up).mp3
[2009/03/14 17:27:46 | 02,109,656 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\03_Badfinger_-_Money_(Straight_Up) (1).mp3
[2009/03/14 17:22:15 | 00,923,824 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\02_Badfinger_-_Baby_Blue_(Straight_Up) (1).mp3
[2009/03/14 17:09:56 | 01,261,128 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up) (2).mp3
[2009/03/14 17:09:30 | 00,906,368 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\03_Badfinger_-_Money_(Straight_Up).mp3
[2009/03/14 17:09:21 | 01,045,376 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\02_Badfinger_-_Baby_Blue_(Straight_Up).mp3
[2009/03/14 17:08:14 | 00,712,336 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\07_Badfinger_-_Suitcase_(Straight_Up).mp3
[2009/03/14 17:03:39 | 00,301,496 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up) (1).mp3
[2009/03/14 17:03:35 | 00,301,496 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\01_Badfinger_-_Take_It_All_(Straight_Up).mp3
[2009/03/14 16:31:29 | 34,058,980 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/03/13 18:29:18 | 00,008,704 | ---- | M] () -- C:\Documents and Settings\DAVAwter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/13 09:37:42 | 00,037,735 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/03/12 20:21:08 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/11 10:32:29 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Opera.lnk
[2009/03/11 06:42:27 | 00,000,654 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Raptor.lnk
[2009/03/11 03:16:12 | 00,473,400 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 03:16:12 | 00,402,406 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/03/11 03:16:12 | 00,063,016 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/03/11 03:11:29 | 00,221,632 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:01:55 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/10 12:28:17 | 41,062,389 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\Nightmare At Elm Manor [Horror Nudie Cutie Short].rar
[2009/03/04 13:11:36 | 05,825,446 | ---- | M] () -- C:\DOCUME~1\DAVAwter\My Documents\W Film guide.pdf
[2009/03/03 13:47:58 | 19,333,112 | ---- | M] (DivX, Inc.) -- C:\DOCUME~1\DAVAwter\Desktop\DivXInstaller.exe
[2009/03/03 13:29:50 | 00,030,734 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\deep red subs.zip
[2009/03/03 12:57:30 | 00,001,577 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\DVD Flick.lnk
[2009/03/01 16:30:18 | 04,108,019 | ---- | M] () -- C:\EasyShare.dmp
[2009/03/01 16:27:39 | 00,000,022 | ---- | M] () -- C:\WINDOWS\kodakpcd.DAVAwter.ini
[2009/03/01 02:00:54 | 00,000,338 | ---- | M] () -- C:\WINDOWS\tasks\McQcTask.job
[2009/02/28 18:34:20 | 00,000,722 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\eMule.lnk
[2009/02/27 12:53:26 | 00,000,630 | ---- | M] () -- C:\DOCUME~1\DAVAwter\Desktop\µTorrent.lnk
[2009/02/26 22:13:01 | 00,302,504 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2009/02/26 18:58:42 | 00,297,286 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20090226-211301.backup
[2009/02/25 12:55:00 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/02/19 18:31:26 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/02/15 12:17:09 | 00,000,812 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Yahoo! Messenger.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

OTList Extras:

OTListIt Extras logfile created on: 3/16/2009 3:47:53 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.5.2 Folder = C:\Documents and Settings\DAVAwter\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 100.09 Mb Available Physical Memory | 19.62% Memory free
1.22 Gb Paging File | 0.42 Gb Available in Paging File | 34.50% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.26 Gb Total Space | 58.79 Gb Free Space | 82.49% Space Free | Partition Type: NTFS
Drive D: | 7.13 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
Drive F: | 931.51 Gb Total Space | 824.43 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: D9LJN661
Current User Name: DAVAwter
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe (AVG Technologies CZ, s.r.o.)
C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe (AVG Technologies CZ, s.r.o.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare ()
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent (McAfee, Inc.)
C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit (Orbitdownloader.com)
C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit (Orbitdownloader.com)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33BEE6F3-9987-4F98-A069-97A64EC8321A}" = Microsoft Works Suite Add-in for Microsoft Word
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42AD318E-C3FD-4445-8BCA-BE14368C634A}_is1" = Raptor 1.04b
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8704D51E-25B7-4F23-81E7-AA4F54790210}" = Microsoft Streets and Trips 2004
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B9966F27-9678-4620-9579-925E3084647E}" = Microsoft Works
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{E2B64929-B616-4235-B10E-D26D686296F9}" = GiPo@FileUtilities 3.2
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"avast!" = avast! Antivirus
"AVG8Uninstall" = AVG Free 8.0
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo Printer 720" = Dell Photo Printer 720
"DVD Audio Ripper" = DVD Audio Ripper
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Flick_is1" = DVD Flick 1.3.0.6
"eMule" = eMule
"eMusic Download Manager" = eMusic Download Manager 4.1.1
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"FlashLynx" = FlashLynx Video Download Software
"GSpot" = GSpot Codec Information Appliance
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mininova-Vuze Toolbar" = Mininova-Vuze Toolbar
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVEContent!UninstallKey" = NeroVision Express Content
"Orbit_is1" = Orbit Downloader
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Pixillion" = Pixillion Image Converter
"Prism" = Prism Video Converter
"RadialpointClientGateway_is1" = BellSouth Internet Security - Alert Manager 1.5.11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Shockwave" = Shockwave
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"VideoPad" = VideoPad Video Editor
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2004Setup" = Microsoft Works 2004 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/12/2009 4:57:34 AM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4476 (0x117c) Thread address : 0x1206CC72 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\WINDOWS\system32\drivers\wa301a.sys

by C:\WINDOWS\system32\MRT.exe 4(2031)(0) 4(2031)(0) 7200(2031)(0) 7595(2031)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/12/2009 10:27:55 AM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 3148 (0xc4c) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\iPod\iPod
Updater 2006-01-10\iPod Updater 2006-01-10.exe by C:\WINDOWS\Explorer.EXE 4(0)(0)

4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 2/15/2009 8:20:10 PM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4676 (0x1244) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\DAVAwter\Local
Settings\Application Data\Opera\Opera\profile\cache4\opr0C3M2 by C:\Program Files\Opera\opera.exe

4(47)(0) 4(47)(0) 7200(47)(0) 7595(47)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 2/15/2009 9:05:43 PM | Computer Name = D9LJN661 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 2/15/2009 9:06:06 PM | Computer Name = D9LJN661 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 2/15/2009 11:20:10 PM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 2/20/2009 11:17:19 PM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4240 (0x1090) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\DAVAwter\Local
Settings\Application Data\Opera\Opera\profile\cache4\opr0CGQ4 by C:\Program Files\Opera\opera.exe

4(125)(0) 4(125)(0) 7200(125)(0) 7595(125)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0)
5004(0)(0)

Error - 2/20/2009 11:17:19 PM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5019
Description = Exception in McShield.Exe! Exception details follow : VSCORE.14.0.0.384
Exception
Code : 0XC0000005 Exception Address : 0X0040808C Exception Parameters :
2 Param 1 = 0X00000001 Param 2 = 0X00000014 More information : ScanRequest : NTName
is \Device\HarddiskVolume2\Documents and Settings\DAVAwter\Application Data\Azureus\logs\Friends_1.log.


Error - 2/21/2009 1:33:01 AM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4664 (0x1238) Thread address : 0x7C90E4F4 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Documents and Settings\DAVAwter\Local
Settings\Application Data\Opera\Opera\profile\cache4\opr0CGT1 by C:\Program Files\Opera\opera.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 2/21/2009 12:19:04 PM | Computer Name = D9LJN661 | Source = McLogEvent | ID = 5051
Description = A thread in process C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 4832 (0x12e0) Thread address : 0x12121B05 Thread message : Build VSCORE.14.0.0.384
/ 5300.2777 Object being scanned = \Device\HarddiskVolume2\Program Files\Vuze\Azureus.exe

by C:\WINDOWS\Explorer.EXE 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0)

5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 3/16/2009 11:48:53 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 3/16/2009 11:48:53 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 3/16/2009 11:49:26 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 3/16/2009 11:49:26 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 3/16/2009 11:49:56 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 3/16/2009 11:49:56 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 3/16/2009 11:50:27 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 3/16/2009 11:50:27 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 3/16/2009 11:50:54 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

Error - 3/16/2009 11:52:09 AM | Computer Name = D9LJN661 | Source = Service Control Manager | ID = 7034
Description = The McAfee Scanner service terminated unexpectedly. It has done this
1 time(s).


< End of report >

Rooter.txt

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:72974 Mo/Free:2855 Mo)
D:\ [CD-Rom] (Total:7296 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:953867 Mo/Free:438 Mo)

Mon 03/16/2009|16:08

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svcnost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Ahead\InCD\InCDsrv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\LEXBCES.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\LEXPPS.EXE
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
---------- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\PROGRA~1\AVG\AVG8\avgrsx.exe
---------- C:\PROGRA~1\AVG\AVG8\avgnsx.exe
---------- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
---------- C:\Program Files\McAfee\MPF\MPFSrv.exe
---------- C:\Program Files\McAfee\MSK\MskSrver.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\PROGRA~1\AVG\AVG8\avgemc.exe
---------- C:\Program Files\AVG\AVG8\avgcsrvx.exe
---------- C:\Program Files\Canon\CAL\CALMAIN.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
---------- C:\Program Files\Dell\Media Experience\PCMService.exe
---------- C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
---------- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\Explorer.EXE
---------- c:\PROGRA~1\mcafee.com\agent\mcagent.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
---------- C:\Program Files\Dell\Media Experience\PCMService.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\PROGRA~1\AVG\AVG8\avgtray.exe
---------- C:\Program Files\Opera\opera.exe
---------- C:\Documents and Settings\DAVAwter\Desktop\OTListIt2.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\notepad.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\..\{7A87307E-C6BF-49D5-B007-E1D971177037}]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{7A87307E-C6BF-49D5-B007-E1D971177037}]
NameServer REG_SZ 85.255.112.91,85.255.112.85
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\..\{7A87307E-C6BF-49D5-B007-E1D971177037}]
NameServer REG_SZ 85.255.112.91,85.255.112.85
==> WAREOUT <==

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Mon 03/16/2009|15:43
2 - "C:\Rooter$\Rooter_2.txt" - Mon 03/16/2009|16:09

----------------------\\ Scan completed at 16:09



Any Help appreciated. THANK YOU!!!

#2 Liquesence (Topic Starter)
Update:

Having looked at the rooter.exe log, I saw that there was a "wareout" trojan. I downloaded Combofix, ran that; it found and fixed many things (bogus trojan drivers [gaopdx...] and whatever else), not to mention it wiped out my browser cache and most of my settings, which is OK, considering... After I ran that, I was finally able to run Malwarebytes. It also found some stuff, and I removed them (also other trojans and malware cookies, autorun.inf, etc.). Was also able to finally run Spybot again; nothing was found with that, though. Also, the AVG updates work again now.

I think the problem is fixed; I am able to browse the web without embedded porn/viagra adverts, there are no browser redirects that I have encountered yet, and Google searches work like they should.

Would still like feedback to make sure it is all gone, if someone would please look at some of my logs.

Just advise me which logs to post. I want to be certain that my pc is clean.

Thanks.