
HTTP Tideserv Request

Discussion in 'Virus & Other Malware Removal' started by chunkylover53, Apr 10, 2010.

Thread Status:
Not open for further replies.
  1. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Basically I get constant attacks (one per half min) on my computer from some random people in Hong Kong according to a whois check and IP checker. This also causes one of my processes, svchost.exe, to be very high in system usage, avg around 60 percent, when it hasn't been before when I didn't get attacked. I have installed various antivirus software and done scans in safe mode but to no avail. I have also restored my wireless router for all its worth as well. Sometimes my browser redirects traffic, and since the attacks Google Chrome has stopped working even with reinstalling and complete deletions etc. Thank you in advance.

    Below is the log file from HijackThis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:10:39, on 10/04/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\System32\ezSharedSvcHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\DOCUME~1\Janahan\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
    C:\WINDOWS\msagent\AgentSvr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe
    O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} (LogMeIn Rescue Technician Console) - https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} -
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138647720713
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} (GoPets Control) - http://secure.gopetslive.com/dev/gopets.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - http://secure.gopetslive.com/dev/GoPetsWeb.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: McAfee Application Installer Cleanup (0106431238092849) (0106431238092849mcinstcleanup) - Unknown owner - C:\DOCUME~1\Janahan\LOCALS~1\Temp\010643~1.EXE (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: Easybits Services for Windows (ezSharedSvc) - Teknum Systems AS - C:\WINDOWS\System32\ezSharedSvcHost.exe
    O23 - Service: Google Update Service (gupdate1c98d3d7115abb0) (gupdate1c98d3d7115abb0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
    O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
    O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe

    --
    End of file - 14600 bytes


    Just to reiterate I want to stop the constant attacks on my PC and get it running as it used to.
    Thank you again.
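    A HijackThis log of this size is hard to read by eye, so here is an added example (not part of this thread and not code from HijackThis or Tech Support Guy) of a small Python triage script for the log format shown above. The flagging heuristics are my own assumptions about what a malware helper looks at first: items executing from a Temp directory, orphaned entries whose file no longer exists, O23 services with an unknown owner, O15 Trusted Zone additions, and unnamed BHOs. The sample input reuses a handful of lines from the log in this post; it is for triage only and takes no action on the machine.

```python
import re
from dataclasses import dataclass

# Sample input: a few lines copied from the HijackThis log posted above
# (constructed subset for demonstration, not a complete log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Janahan\LOCALS~1\Temp\clclean.0001

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
O2 - BHO: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O15 - Trusted Zone: http://*.mcafee.com
O23 - Service: McAfee Application Installer Cleanup (0106431238092849) (0106431238092849mcinstcleanup) - Unknown owner - C:\DOCUME~1\Janahan\LOCALS~1\Temp\010643~1.EXE (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# HijackThis entries look like "O23 - Service: ..." / "R0 - HKCU\..." / "F2 - REG:..."
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
# Anything launched from a ...\Temp\ path (assumed heuristic: legitimate
# services and startup items rarely live there).
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# HijackThis marks entries whose target is gone with "(no file)" or "(file missing)".
MISSING_RE = re.compile(r"\((?:no file|file missing)\)", re.IGNORECASE)


@dataclass
class Finding:
    line: str           # the raw log line
    reasons: list       # why it was flagged


def parse_entries(text):
    """Return (section, body, raw) tuples.

    Lines in the 'Running processes:' block are returned with section 'PROC';
    every 'Xn - ...' line is returned with its HijackThis section code.
    """
    entries = []
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False        # a blank line ends the process block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group("section"), m.group("body"), line))
        elif in_procs:
            entries.append(("PROC", line, line))
    return entries


def triage(text):
    """Apply the (assumed) heuristics and return the flagged lines."""
    findings = []
    for section, body, raw in parse_entries(text):
        reasons = []
        if TEMP_RE.search(body):
            reasons.append("executes from a Temp directory")
        if MISSING_RE.search(body):
            reasons.append("references a file that no longer exists (orphaned entry)")
        if section == "O23" and "Unknown owner" in body:
            reasons.append("service with no identified publisher")
        if section == "O15":
            reasons.append("site added to the IE Trusted Zone (relaxed browser security)")
        if section == "O2" and body.startswith("BHO: (no name)"):
            reasons.append("unnamed browser helper object")
        if reasons:
            findings.append(Finding(raw, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
```

    On the sample above the script flags four lines: the process running from the Temp folder, the orphaned unnamed BHO, the Trusted Zone entry, and the unknown-owner service pointing at a missing Temp executable. A flag is only a prompt to look closer; as CatByte notes about rootkit scans, these tools produce false positives, and the Avira and Yahoo entries in the same sample are left untouched.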
     
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please download DDS from either of these links

    LINK 1
    LINK 2

    and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txt's will open.
    • Save both reports to your desktop.
    ---------------------------------------------------
    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


    NEXT


    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.
     
  3. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Hiya, thanks for the quick reply.
    So far I am able to do step 1 (DDS), because I have tried the GMER program but every time it locks up. Therefore I have decided to attach the DDS files you require and will leave the PC running overnight especially for GMER, and if it is successful I will upload the results in the morning as soon as possible.

    Here as per the instructions of the program is the DDS file:
    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Janahan at 16:33:22.76 on 11/04/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1694 [GMT 1:00]

    AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\WINDOWS\System32\ezSharedSvcHost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\NetMeter\NetMeter.exe
    C:\DOCUME~1\Janahan\LOCALS~1\Temp\clclean.0001
    C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Janahan\My Documents\Downloads\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://uk.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    BHO: Click-to-Call BHO: {5c255c8a-e604-49b4-9d64-90988571cecb} - c:\program files\windows live\messenger\wlchtc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\4.1.0.32\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\4.1.0.32\coIEPlg.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    uRun: [SetDefaultMIDI] MIDIDef.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [c:\program files\netmeter\netmeter.exe] c:\program files\netmeter\NetMeter.exe
    uRun: [Taskbar Shuffle] c:\program files\taskbar shuffle\taskbarshuffle.exe
    mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRunOnce: [RunNarrator] Narrator.exe
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: &eBay Search - c:\program files\ebay\ebay toolbar2\eBayTb.dll/RCSearch.html
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: tvcatchup.com
    Trusted Zone: tvcatchup.com
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
    DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab
    DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
    DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab
    DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.systemrequirementslab.com/sysreqlab2.cab
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138647720713
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
    DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} - hxxp://www.systemrequirementslab.com/sysreqlab.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
    DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxp://secure.gopetslive.com/dev/gopets.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\janahan\applic~1\mozilla\firefox\profiles\3n616apq.default\
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-6 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0401000.020\symds.sys [2010-4-7 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0401000.020\symefa.sys [2010-4-7 172592]
    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-6 11608]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-30 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0401000.020\cchpx86.sys [2010-4-7 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0401000.020\ironx86.sys [2010-4-7 116784]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-6 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-6 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-6 60936]
    R2 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2009-11-30 512696]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1265264]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 N360;Norton 360;c:\program files\norton 360\engine\4.1.0.32\ccsvchst.exe [2010-4-7 126392]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-8-30 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100402.001\IDSXpx86.sys [2010-4-6 329592]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100410.020\NAVENG.SYS [2010-4-11 84912]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100410.020\NAVEX15.SYS [2010-4-11 1324720]
    S2 0106431238092849mcinstcleanup;McAfee Application Installer Cleanup (0106431238092849);c:\docume~1\janahan\locals~1\temp\010643~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\janahan\locals~1\temp\010643~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
    S2 gupdate1c98d3d7115abb0;Google Update Service (gupdate1c98d3d7115abb0);c:\program files\google\update\GoogleUpdate.exe [2009-2-12 133104]
    S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [2006-12-20 20608]
    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [2010-2-27 219264]
    S3 cpuz130;cpuz130;\??\c:\docume~1\janahan\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\janahan\locals~1\temp\cpuz130\cpuz_x32.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2010-1-21 17149]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
    S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-8-29 29696]
    S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [2009-4-29 103680]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2006-8-2 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2006-8-2 12672]
    S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [2006-8-2 32000]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2010-1-21 384608]
    S3 ZD1211BU(MAYFLASH);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(MAYFLASH);c:\windows\system32\drivers\ZD1211BU.sys [2006-12-20 402432]

    =============== Created Last 30 ================

    2010-04-10 18:19:12 0 d-----w- c:\program files\TVCatchup Ltd
    2010-04-08 19:39:37 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-04-08 19:39:16 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-04-06 20:42:52 0 d-----w- c:\docume~1\janahan\applic~1\Avira
    2010-04-06 18:56:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-06 18:38:17 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-06 18:38:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-06 18:35:16 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-06 18:22:25 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-04-06 18:22:23 0 d-----w- c:\program files\Avira
    2010-04-06 18:22:23 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-04-06 15:06:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-04-02 19:47:31 0 d-----w- c:\documents and settings\janahan\.jenny
    2010-03-20 14:05:22 1024 ----a-w- C:\.rnd
    2010-03-18 23:07:36 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys

    ==================== Find3M ====================

    2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-21 21:04:04 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-03-21 21:04:04 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-03-21 21:04:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-03-21 21:04:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-25 10:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-01-25 11:58:06 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    2010-01-20 18:49:58 69361 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2006-01-21 21:40:28 251 -c----w- c:\program files\wt3d.ini
    2006-06-11 10:18:29 104 --sh--r- c:\windows\system32\C110D9D760.sys
    2006-06-11 10:18:33 5852 --sh--w- c:\windows\system32\KGyGaAvL.sys
    2008-10-23 15:44:46 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102320081024\index.dat

    ============= FINISH: 16:36:10.45 ===============

    I have attached the "attach" file produced by DDS as per the instructions on the program and will post gmer tomorrow. Thank you a lot for your help :)

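    The "SERVICES / DRIVERS" block in the DDS log above lists every service and driver the tool could enumerate, one per line, in the form `<state><start type> name;display name;image path [date size]`, with `[?]` where the tool could not find or stat the file. A helper's first pass over such a log is usually to pull out the entries that deserve a closer look: auto-start services whose image lives under a temp directory, or whose file could not be verified at scan time. The following script is an added example for that triage step, not code from the thread or from DDS/ComboFix; the sample lines are copied from the log above and embedded as constructed input, and the flagging rules are assumptions about what a reviewer would want highlighted (a hit means "verify this", not "this is malware": the McAfee installer-cleanup entry it flags is a known-legitimate leftover).

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: service/driver lines in the DDS/ComboFix style, copied from the log above.
# First letter: R = running, S = stopped. Digit: Windows start type (0 boot, 1 system, 2 auto, 3 manual).
SAMPLE_LINES = r"""
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-4-6 64288]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-6 267432]
S2 0106431238092849mcinstcleanup;McAfee Application Installer Cleanup (0106431238092849);c:\docume~1\janahan\locals~1\temp\010643~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\janahan\locals~1\temp\010643~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 cpuz130;cpuz130;\??\c:\docume~1\janahan\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\janahan\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
"""


@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped
    start_type: int   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    image: str        # image path / command line as printed by the tool
    stamp: str        # "date size", or "?" when the tool could not stat the file


# <state><start> name;display;image [stamp]   (display names may contain spaces and parentheses)
LINE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)\s\[([^\]]*)\]\s*$")


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service/driver line; return None for lines that are not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, stamp = m.groups()
    # "<image> --> <image>" repeats the path when the file was unresolved; keep the first half
    image = image.split(" --> ", 1)[0].strip()
    # Drivers are often listed with the NT object-manager prefix; drop it for readability
    if image.startswith("\\??\\"):
        image = image[4:]
    return ServiceEntry(state, int(start), name, display, image, stamp)


def parse_services(text: str) -> List[ServiceEntry]:
    return [e for e in (parse_service_line(l) for l in text.splitlines()) if e]


def flag_entry(e: ServiceEntry) -> List[str]:
    """Assumed review heuristics: reasons a reviewer would want to look at this entry."""
    reasons: List[str] = []
    if e.stamp == "?":
        reasons.append("file not found or not stat-able at scan time")
    if "\\temp\\" in e.image.lower():
        reasons.append("image under a temp directory")
    # An entry that starts without user action is worth more attention than a manual (3) one
    if reasons and e.start_type <= 2:
        reasons.append("auto-start (start type %d)" % e.start_type)
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map service name -> list of review reasons, for flagged entries only."""
    flagged = {}
    for e in parse_services(text):
        reasons = flag_entry(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LINES).items():
        print(name)
        for r in reasons:
            print("   -", r)
```

Run as-is it reports the three `[?]` entries from the sample and leaves the Lbd and Avira lines alone; feed it the whole "SERVICES / DRIVERS" block from a DDS or ComboFix log and it does the same over the full list. The rules are deliberately narrow so the output stays short enough to check by hand against vendor names and file locations.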
  4. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Sorry mate, I have tried 8/9 times and every time it's either locked up or come up with the blue screen of death for the gmer program. Is there any other alternative?

    Thanks
     
  5. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please run the following:


    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    [image]

    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [image]

    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
     
  6. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Thanks for the quick reply; here is the ComboFix log:

    ComboFix 10-04-12.01 - Janahan 12/04/2010 23:03:10.3.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2307 [GMT 1:00]
    Running from: c:\documents and settings\Janahan\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton 360 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\docume~1\Janahan\LOCALS~1\Temp\clclean.0001.dir.0000\~df394b.tmp
    c:\documents and settings\Janahan\Local Settings\temp\clclean.0001.dir.0000\~df394b.tmp
    c:\windows\Downloaded Program Files\x64
    c:\windows\Downloaded Program Files\x64\racodec.ax
    c:\windows\Downloaded Program Files\x86
    c:\windows\Downloaded Program Files\x86\racodec.ax
    c:\windows\ModemLog_INQ1 USB Modem .txt

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-12 to 2010-04-12 )))))))))))))))))))))))))))))))
    .

    2010-04-12 17:50 . 2010-03-12 01:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVENG.SYS
    2010-04-12 17:50 . 2010-03-12 01:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVENG32.DLL
    2010-04-12 17:50 . 2010-03-12 01:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVEX32A.DLL
    2010-04-12 17:50 . 2010-03-12 01:00 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\NAVEX15.SYS
    2010-04-12 17:50 . 2010-03-12 01:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\EECTRL.SYS
    2010-04-12 17:50 . 2010-03-12 01:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\ERASER.SYS
    2010-04-12 17:50 . 2010-03-12 01:00 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\CCERASER.DLL
    2010-04-12 17:50 . 2010-03-12 01:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20100412.003\ECMSVR32.DLL
    2010-04-10 18:19 . 2010-04-10 18:19 -------- d-----w- c:\program files\TVCatchup Ltd
    2010-04-10 12:37 . 2010-04-10 12:37 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
    2010-04-08 19:39 . 2001-08-17 21:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2010-04-08 19:39 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2010-04-08 11:45 . 2010-04-08 11:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-04-08 11:44 . 2010-04-08 11:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2010-04-07 13:34 . 2010-04-07 13:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-04-06 22:44 . 2010-04-06 22:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\Avira
    2010-04-06 20:42 . 2010-04-06 20:42 -------- d-----w- c:\documents and settings\Janahan\Application Data\Avira
    2010-04-06 18:56 . 2010-04-06 18:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-06 18:38 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-06 18:38 . 2010-04-06 18:38 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-04-06 18:38 . 2010-04-06 18:38 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-04-06 18:38 . 2010-04-06 18:38 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
    2010-04-06 18:35 . 2010-04-06 18:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-04-06 18:35 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
    2010-04-06 18:22 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-04-06 18:22 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-04-06 18:22 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-04-06 18:22 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-04-06 18:22 . 2010-04-06 18:22 -------- d-----w- c:\program files\Avira
    2010-04-06 18:22 . 2010-04-06 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-04-06 15:06 . 2010-04-06 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-04-06 14:57 . 2009-11-17 00:51 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\Scxpx86.dll
    2010-04-06 14:57 . 2009-11-17 00:51 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
    2010-04-06 14:57 . 2009-11-17 00:51 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSvix86.sys
    2010-04-06 14:57 . 2009-11-17 00:51 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSviA64.sys
    2010-04-06 14:57 . 2009-11-17 00:51 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
    2010-04-05 19:16 . 2010-04-05 19:16 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-04-05 10:32 . 2010-04-05 10:32 -------- d-----w- c:\documents and settings\Divyah\Tracing
    2010-04-02 19:47 . 2010-04-02 19:47 -------- d-----w- c:\documents and settings\Janahan\.jenny
    2010-03-30 16:09 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
    2010-03-30 16:09 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHRules.dll
    2010-03-30 16:09 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHEngine.dll
    2010-03-30 16:09 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
    2010-03-30 16:09 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\bbRGen.dll
    2010-03-29 15:01 . 2010-03-29 15:01 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-03-28 22:53 . 2010-03-28 22:53 -------- d-----w- c:\documents and settings\Janahan\Local Settings\Application Data\ABBYY
    2010-03-20 14:05 . 2010-03-20 14:05 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ICS
    2010-03-20 14:03 . 2010-03-20 14:03 -------- d-----w- c:\documents and settings\Janahan\Local Settings\Application Data\Deployment
    2010-03-18 23:07 . 2009-12-03 06:09 47408 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2010-03-18 16:04 . 2010-03-18 16:04 79488 ----a-w- c:\documents and settings\Janahan\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-03-18 16:01 . 2010-03-25 23:29 786800 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    2010-03-18 16:01 . 2009-11-17 00:51 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-12 21:46 . 2009-05-07 16:57 -------- d-----w- c:\program files\Taskbar Shuffle
    2010-04-12 18:00 . 2009-12-24 02:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-04-10 18:30 . 2009-04-28 15:32 -------- d-----w- c:\program files\NortonInstaller
    2010-04-10 18:30 . 2009-03-26 18:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-04-10 14:46 . 2009-03-29 16:43 -------- d-----w- c:\program files\MediaMonkey
    2010-04-10 14:41 . 2009-11-27 18:51 -------- d-----w- c:\program files\AviSynth 2.5
    2010-04-10 14:36 . 2007-03-26 19:22 -------- d-----w- c:\program files\Lavasoft
    2010-04-07 18:09 . 2009-03-06 22:36 -------- d-----w- c:\program files\18 Wheels of Steel Haulin
    2010-04-06 22:15 . 2007-01-07 16:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-04-06 21:06 . 2007-03-25 15:58 -------- d-----w- c:\program files\SpywareBlaster
    2010-04-06 18:38 . 2010-04-06 18:37 885736 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-04-06 15:06 . 2007-07-14 09:43 -------- d-----w- c:\program files\Alwil Software
    2010-04-05 19:24 . 2009-09-04 21:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-03 12:17 . 2007-03-03 14:06 -------- d-----w- c:\documents and settings\Janahan\Application Data\SopCast
    2010-03-31 16:47 . 2006-05-28 22:16 -------- d-----w- c:\documents and settings\Janahan\Application Data\Apple Computer
    2010-03-29 23:46 . 2009-09-04 21:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-03-29 23:45 . 2009-09-04 21:36 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-03-29 19:19 . 2008-10-17 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2010-03-28 20:14 . 2008-10-04 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
    2010-03-21 21:04 . 2009-04-28 15:33 -------- d-----w- c:\program files\Symantec
    2010-03-21 21:04 . 2009-04-28 15:33 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-03-21 21:04 . 2009-04-28 15:33 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-03-21 21:04 . 2009-04-28 15:33 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-03-21 21:04 . 2009-04-28 15:33 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-03-09 16:21 . 2008-05-10 11:54 -------- d-----w- c:\program files\SpeedFan
    2010-03-04 23:27 . 2009-05-26 20:15 -------- d-----w- c:\documents and settings\Janahan\Application Data\LogMeIn Rescue
    2010-02-25 06:24 . 2005-08-16 04:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-14 23:26 . 2010-02-14 23:26 15849560 ----a-w- c:\documents and settings\Janahan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airinstaller1x0\airinstaller1x0.exe
    2010-02-12 10:03 . 2010-02-25 16:27 293376 ------w- c:\windows\system32\browserchoice.exe
    2010-02-01 21:21 . 2010-02-01 21:21 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
    2010-01-25 11:58 . 2008-10-13 10:44 462848 ----a-w- c:\windows\system32\ractrlkeyhook.dll
    2010-01-23 17:54 . 2009-11-30 15:40 56 ---ha-w- c:\windows\system32\ezsidmv.dat
    2010-01-21 16:39 . 2010-01-21 16:39 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
    2010-01-20 18:49 . 2010-01-20 18:49 69361 ----a-w- c:\windows\Huawei ModemsUninstall.exe
    2006-01-21 21:40 . 2006-01-21 21:40 251 -c----w- c:\program files\wt3d.ini
    2006-06-11 10:18 . 2006-01-20 08:57 104 --sh--r- c:\windows\system32\C110D9D760.sys
    2006-06-11 10:18 . 2006-01-20 08:57 5852 --sh--w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SetDefaultMIDI"="MIDIDef.exe" [2004-12-22 24576]
    "c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
    "Taskbar Shuffle"="c:\program files\Taskbar Shuffle\taskbarshuffle.exe" [2008-04-17 818176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MBMon"="CTMBHA.DLL" [2005-05-19 1345520]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "HideFastUserSwitching"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
    backup=c:\windows\pss\MozyHome Status.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Janahan^Start Menu^Programs^Startup^Mozy Status.lnk]
    path=c:\documents and settings\Janahan\Start Menu\Programs\Startup\Mozy Status.lnk
    backup=c:\windows\pss\Mozy Status.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-01-11 21:16 39792 ------w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ContentTransferWMDetector.exe]
    2008-07-11 17:51 423200 ------w- c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
    2004-12-02 18:23 102400 ------w- c:\program files\Creative\MediaSource\Detector\CTDetect.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2006-04-06 09:51 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-01-22 19:16 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    2007-09-20 08:51 1836328 ------w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 14:57 153136 ------w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2008-06-10 03:27 144784 ------w- c:\program files\Java\jre1.6.0_07\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TalkTalk]
    2007-10-12 07:33 202016 ------w- c:\program files\TalkTalk\bin\sprtcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
    2005-09-19 07:42 1159168 ------w- c:\program files\Creative\VoiceCenter\AndreaVC.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\rtcshare.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\WINDOWS\\system32\\fxsclnt.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Documents and Settings\\Janahan\\Application Data\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
    "c:\\Program Files\\Common Files\\Supportsoft\\bin\\tgsrvc.exe"=
    "c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
    "c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
    "c:\\Program Files\\iPod\\bin\\iPodService.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
    "c:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "12386:TCP"= 12386:TCP:*:Disabled:BitComet 12386 TCP
    "12386:UDP"= 12386:UDP:*:Disabled:BitComet 12386 UDP
    "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [06/04/2010 19:38 64288]
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0401000.020\symds.sys [07/04/2010 00:32 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0401000.020\symefa.sys [07/04/2010 00:32 172592]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [30/03/2010 17:09 536112]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0401000.020\cchpx86.sys [07/04/2010 00:32 501888]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0401000.020\ironx86.sys [07/04/2010 00:32 116784]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [06/04/2010 19:22 135336]
    R2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [30/11/2009 16:38 512696]
    R2 N360;Norton 360;c:\program files\Norton 360\Engine\4.1.0.32\ccsvchst.exe [07/04/2010 00:30 126392]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [30/08/2009 21:00 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100402.001\IDSXpx86.sys [06/04/2010 15:57 329592]
    S2 0106431238092849mcinstcleanup;McAfee Application Installer Cleanup (0106431238092849);c:\docume~1\Janahan\LOCALS~1\Temp\010643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Janahan\LOCALS~1\Temp\010643~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
    S2 gupdate1c98d3d7115abb0;Google Update Service (gupdate1c98d3d7115abb0);c:\program files\Google\Update\GoogleUpdate.exe [12/02/2009 19:12 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04/02/2010 16:52 1265264]
    S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\drivers\BTCamDrv.sys [27/02/2010 23:44 219264]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Janahan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Janahan\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [21/01/2010 17:39 17149]
    S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\system32\drivers\dump_wmimmc.sys --> c:\windows\system32\drivers\dump_wmimmc.sys [?]
    S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [29/08/2008 09:56 29696]
    S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [29/04/2009 18:37 103680]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [17/06/2009 13:20 12648]
    S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [02/08/2006 21:17 30464]
    S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [02/08/2006 21:17 12672]
    S3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\drivers\stppp.sys [02/08/2006 21:17 32000]
    S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [21/01/2010 17:39 384608]
    S3 ZD1211BU(MAYFLASH);WIFI LINK IEEE 802.11 b+g Wireless LAN Driver (USB)(MAYFLASH);c:\windows\system32\drivers\ZD1211BU.sys [20/12/2006 19:29 402432]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 18:37]

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 18:12]

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 18:12]

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686171329-3316862781-2187220801-1007Core.job
    - c:\documents and settings\Divyah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-17 07:04]

    2010-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-686171329-3316862781-2187220801-1007UA.job
    - c:\documents and settings\Divyah\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-17 07:04]

    2009-08-03 c:\windows\Tasks\Microsoft_Hardware_Launch_IType_exe.job
    - c:\program files\Microsoft IntelliType Pro\itype.exe [2009-06-01 12:43]

    2010-04-05 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-08-22 08:22]

    2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{6C1EB989-A76E-4BA0-BBF1-EAE4A1B6D84B}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]

    2010-04-12 c:\windows\Tasks\User_Feed_Synchronization-{9C01F1A6-D4DE-472C-B16E-C4B6574C3850}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://uk.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    Trusted Zone: internet
    Trusted Zone: mcafee.com
    Trusted Zone: tvcatchup.com
    Trusted Zone: tvcatchup.com
    DPF: {254AA86E-5655-4518-AA87-185D7CC41801} - hxxps://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab
    DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA}
    DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} - hxxp://secure.gopetslive.com/dev/gopets.cab
    DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
    FF - ProfilePath - c:\documents and settings\Janahan\Application Data\Mozilla\Firefox\Profiles\3n616apq.default\
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
    MSConfigStartUp-Google Update - c:\documents and settings\Janahan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    MSConfigStartUp-McAfee Backup - c:\program files\McAfee\MBK\McAfeeDataBackup.exe
    MSConfigStartUp-OpwareSE2 - c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
    AddRemove-Rockstar Custom Tracks - c:\program files\Rockstar Custom Tracks\uninst.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-12 23:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B02EAC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
    \Driver\atapi -> atapi.sys @ 0xb9f11852
    IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: -> SendCompleteHandler -> 0x0
    PacketIndicateHandler -> 0x0
    SendHandler -> 0x0
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\N360]
    "ImagePath"="\"c:\program files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.1.0.32\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-686171329-3316862781-2187220801-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CEEB925-2C47-EB23-D82A-92BC71177E8F}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "iacfkncdmjgojkoopp"=hex:6a,61,67,6d,62,64,62,6a,61,63,6d,62,64,62,6b,6e,6d,6d,
    6a,67,00,02
    "hameennbkmjfhffp"=hex:6a,61,67,6d,62,64,62,6a,61,63,6d,62,64,62,6b,6e,6d,6d,
    6a,67,00,02
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(936)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(996)
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-04-12 23:24:29
    ComboFix-quarantined-files.txt 2010-04-12 22:24
    ComboFix2.txt 2008-12-10 16:53
    ComboFix3.txt 2008-12-09 14:20

    Pre-Run: 4,614,365,184 bytes free
    Post-Run: 4,728,311,808 bytes free

    - - End Of File - - 8E445E0FEF7A385B503A6F2F3572CEA9
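The parts of the ComboFix log above that a reviewer reads first are the firewall policy (EnableFirewall=0, the AuthorizedApplications list and the GloballyOpenPorts list), the locked registry key whose values are dumped as hex, and the "DLLs Loaded Under Running Processes" entries for winlogon.exe and lsass.exe. The Python below is an added example for this thread, not ComboFix's code and not anything the posters wrote: it parses those section types from SAMPLE_LOG, a constructed excerpt modelled on the posted log, and returns findings. The 445/TCP Enabled entry in the sample is an addition, not in the thread, so that an enabled port exception is shown being reported differently from the Disabled ones the log actually contains. Treating every module ComboFix lists under winlogon.exe or lsass.exe as worth investigating is this example's assumption, not a rule from the tool.

```python
# Triage of ComboFix log sections (firewall policy, locked registry keys with hex
# values, DLLs listed under system processes). Added example for this thread, not
# ComboFix's code. SAMPLE_LOG is a constructed excerpt; the 445/TCP line is not in it.
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Janahan\\Application Data\\SopCast\\adv\\SopAdver.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"445:TCP"= 445:TCP:*:Enabled:constructed entry (not in the thread)
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-686171329-3316862781-2187220801-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CEEB925-2C47-EB23-D82A-92BC71177E8F}*]
"iacfkncdmjgojkoopp"=hex:6a,61,67,6d,62,64,62,6a,61,63,6d,62,64,62,6b,6e,6d,6d,
6a,67,00,02
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(996)
c:\windows\system32\WININET.dll
"""

BS = "\\"
KEY_LINE = re.compile(r"\[(.+)\]")
PROC_LINE = re.compile(r">\s*'([^']+)'\((\d+)\)")
HEX_CONT = re.compile(r"(?:[0-9a-f]{2},?)+")
HEX_VALUE = re.compile(r'"([^"]+)"=hex:([0-9a-f,]+)$')
PORT_LINE = re.compile(r'"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]*):(Enabled|Disabled):(.*)')
# Assumption of this example: any module ComboFix lists under these is worth a look.
WATCHED_PROCESSES = {"winlogon.exe", "lsass.exe"}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Group lines under their [key] or 'proc'(pid) header, re-joining wrapped hex."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_LINE.fullmatch(line) or PROC_LINE.search(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line.startswith("-----"):
            current = None  # banner such as LOCKED REGISTRY KEYS
        elif current is not None:
            body = sections[current]
            if HEX_CONT.fullmatch(line) and body and body[-1].endswith(","):
                body[-1] += line  # continuation of a wrapped hex: value
            else:
                body.append(line)
    return sections


def firewall_findings(sections: Dict[str, List[str]]) -> List[str]:
    """Disabled profile, enabled global port exceptions, exceptions for user-profile exes."""
    out: List[str] = []
    for key, lines in sections.items():
        k = key.lower()
        if k.endswith("firewallpolicy\\standardprofile"):
            if any(re.match(r'"EnableFirewall"=\s*0\b', l) for l in lines):
                out.append("standard profile has EnableFirewall=0 (Windows Firewall off)")
        elif k.endswith("authorizedapplications\\list"):
            for l in lines:
                path = l.strip('"=').replace("\\\\", "\\")  # log doubles the backslashes
                if re.search(r"\\documents and settings\\[^\\]+\\|\\temp\\", path, re.I):
                    out.append(f"firewall exception for user-profile executable: {path}")
        elif k.endswith("globallyopenports\\list"):
            for m in filter(None, map(PORT_LINE.match, lines)):
                port, proto, scope, state, name = m.groups()
                if state == "Enabled":
                    out.append(f"globally open port {port}/{proto} scope={scope} ({name})")
                else:
                    out.append(f"port exception present but disabled: {port}/{proto} ({name})")
    return out


def decode_hex_values(sections: Dict[str, List[str]]) -> List[Tuple[str, str, bytes]]:
    """(key, value name, bytes) for every hex: value, wherever it appears."""
    return [(key, m.group(1), bytes.fromhex(m.group(2).replace(",", "")))
            for key, lines in sections.items()
            for m in filter(None, map(HEX_VALUE.match, lines))]


def assess(text: str) -> List[str]:
    """Run every check over one log and return human-readable findings."""
    sections = parse_sections(text)
    findings = firewall_findings(sections)
    for proc in sorted(WATCHED_PROCESSES & set(sections)):
        findings += [f"{proc} lists loaded module {dll.rsplit(BS, 1)[-1]}" for dll in sections[proc]]
    for key, name, raw in decode_hex_values(sections):
        printable = raw.rstrip(b"\x00\x01\x02").decode("ascii", "replace")
        findings.append(f"locked key {key.rsplit(BS, 1)[-1]}: value {name!r} decodes to "
                        f"{printable!r} plus {len(raw) - len(printable)} trailing control byte(s)")
    return findings


if __name__ == "__main__":
    print("\n".join(assess(SAMPLE_LOG)))
```

Two caveats when reading its output against the posted log: all three port exceptions there are marked Disabled, so 3389 was not actually reachable through the XP firewall, and EnableFirewall=0 is normal when a third-party suite (Norton 360 is running on this machine, per the service list) manages the firewall, so confirm which firewall is active before treating that line as the problem. The locked key finding is the one that cannot be explained by installed software: a randomly named value whose bytes decode to a random-looking string with control bytes appended.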
     
  7. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under the Custom Scan box paste this in


      c:\windows\system32\drivers\*.sys /90

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your next reply.
     
  8. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    This is the 1st OTL Log File:
    OTL logfile created on: 13/04/2010 12:01:32 - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Janahan\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 4.43 Gb Free Space | 6.34% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 465.76 Gb Total Space | 308.65 Gb Free Space | 66.27% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WINDOWSXP
    Current User Name: Janahan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Minimal
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Janahan\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Norton 360\Engine\4.1.0.32\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
    PRC - C:\WINDOWS\system32\ezSharedSvcHost.exe (Teknum Systems AS)
    PRC - C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
    PRC - C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
    PRC - C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
    PRC - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
    PRC - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Janahan\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton 360\Engine\4.1.0.32\asoehook.dll (Symantec Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (0106431238092849mcinstcleanup) McAfee Application Installer Cleanup (0106431238092849) -- File not found
    SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.1.0.32\ccSvcHst.exe (Symantec Corporation)
    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (ezSharedSvc) -- C:\WINDOWS\system32\ezSharedSvcHost.exe (Teknum Systems AS)
    SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
    SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
    SRV - (sprtsvc_TalkTalk) SupportSoft Sprocket Service (TalkTalk) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe (SupportSoft, Inc.)
    SRV - (SupportSoft RemoteAssist) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe (SupportSoft, Inc.)
    SRV - (tgsrvc_TalkTalk) SupportSoft Repair Service (TalkTalk) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe (SupportSoft, Inc.)
    SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
    SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
    SRV - (Creative Labs Licensing Service) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe (Creative Labs)
    SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://uk.search.yahoo.com/ [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6

    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2010/03/18 17:01:22 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2010/03/18 17:01:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 18:57:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 18:57:19 | 000,000,000 | ---D | M]

    [2010/04/06 18:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Mozilla\Extensions
    [2010/04/12 23:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Mozilla\Firefox\Profiles\3n616apq.default\extensions
    [2010/04/06 22:01:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Janahan\Application Data\Mozilla\Firefox\Profiles\3n616apq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/10 18:55:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/01 17:56:49 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
    [2010/04/01 17:56:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
    [2010/04/01 17:56:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
    [2010/04/01 17:56:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2008/12/10 17:43:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Click-to-Call BHO) - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll (Microsoft Corporation)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\ipsbho.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MBMon] C:\WINDOWS\System32\CTMBHA.DLL ()
    O4 - HKCU..\Run: [C:\Program Files\NetMeter\NetMeter.exe] C:\Program Files\NetMeter\NetMeter.exe ()
    O4 - HKCU..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
    O4 - HKCU..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe (Jay Elaraj)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKLM\..Trusted Domains: tvcatchup.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
    O15 - HKCU\..Trusted Domains: tvcatchup.com ([]* in Trusted sites)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab (Checkers Class)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.euro.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/E/3/9/E39C664F-A8E3-4F69-A109-1AE9849204EE/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/US/TechConsole/x86/RescueControl.cab (LogMeIn Rescue Technician Console)
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab (Minesweeper Flags Class)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab ()
    O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} Reg Error: Key error. (Reg Error: Value error.)
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-GB/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (System Requirements Lab Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138647720713 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab (MessengerStatsClient Class)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab (IPSUploader4 Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
    O16 - DPF: {E85362EF-40D4-4E5D-BE07-D6B036CCA277} http://secure.gopetslive.com/dev/gopets.cab (GoPets Control)
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15108/CTPID.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} http://secure.gopetslive.com/dev/GoPetsWeb.cab (GoPetsWeb Control)
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Janahan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Janahan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/04/13 11:59:14 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Janahan\Desktop\OTL.exe
    [2010/04/10 19:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\TVCatchup Ltd
    [2010/04/10 13:35:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
    [2010/04/07 14:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/04/07 14:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/04/06 23:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Avira
    [2010/04/06 21:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janahan\Application Data\Avira
    [2010/04/06 19:38:17 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
    [2010/04/06 19:38:04 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/04/06 19:35:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/04/06 19:22:30 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/04/06 19:22:25 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/04/06 19:22:25 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/04/06 19:22:25 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/04/06 19:22:25 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/04/06 19:22:23 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/04/06 19:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/04/06 18:57:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2010/04/06 16:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/06 16:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/04/06 12:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/04/05 19:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/04/02 20:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Janahan\.jenny
    [2010/03/29 16:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
    [2010/03/20 15:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\ICS
    [2010/01/08 21:29:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2009/09/12 15:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Downloaded Installations
    [2009/03/16 19:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
    [2009/02/17 10:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
    [2009/02/12 19:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
    [2008/05/23 20:06:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/04/28 19:56:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/04/28 19:56:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/04/19 11:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    [2007/05/03 17:52:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
    [2006/01/24 22:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2006/01/20 16:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2004/11/24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
    [4 C:\Documents and Settings\Janahan\My Documents\*.tmp files -> C:\Documents and Settings\Janahan\My Documents\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 14 Days ==========

    [2010/04/13 12:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9C01F1A6-D4DE-472C-B16E-C4B6574C3850}.job
    [2010/04/13 11:59:15 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Janahan\Desktop\OTL.exe
    [2010/04/13 11:26:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/04/13 11:17:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-686171329-3316862781-2187220801-1007UA.job
    [2010/04/13 06:52:21 | 000,666,230 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0401000.020\Cat.DB
    [2010/04/13 06:43:59 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C1EB989-A76E-4BA0-BBF1-EAE4A1B6D84B}.job
    [2010/04/12 23:24:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/04/12 23:18:21 | 000,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/04/12 22:54:32 | 003,912,873 | R--- | M] () -- C:\Documents and Settings\Janahan\Desktop\ComboFix.exe
    [2010/04/12 22:53:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/04/12 22:47:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/04/12 22:44:38 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/04/12 22:43:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/04/12 22:43:56 | 3219,279,872 | -HS- | M] () -- C:\hiberfil.sys
    [2010/04/12 22:42:24 | 013,107,200 | ---- | M] () -- C:\Documents and Settings\Janahan\NTUSER.DAT
    [2010/04/12 22:42:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Janahan\ntuser.ini
    [2010/04/12 22:42:04 | 005,824,656 | -H-- | M] () -- C:\Documents and Settings\Janahan\Local Settings\Application Data\IconCache.db
    [2010/04/12 19:00:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/04/12 15:17:05 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-686171329-3316862781-2187220801-1007Core.job
    [2010/04/07 19:14:38 | 000,001,900 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
    [2010/04/06 19:38:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2010/04/06 19:37:59 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/04/06 19:35:15 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/04/06 19:22:53 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/04/06 19:03:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/04/06 18:57:25 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/03/31 19:11:21 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/03/31 00:40:15 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Janahan\Desktop\Microsoft Office Publisher 2003.lnk
    [2010/03/31 00:31:58 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Janahan\Desktop\Microsoft Office Excel 2003.lnk
    [4 C:\Documents and Settings\Janahan\My Documents\*.tmp files -> C:\Documents and Settings\Janahan\My Documents\*.tmp -> ]
    [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/04/12 22:58:37 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/04/12 22:58:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/04/12 22:54:20 | 003,912,873 | R--- | C] () -- C:\Documents and Settings\Janahan\Desktop\ComboFix.exe
    [2010/04/12 22:43:56 | 3219,279,872 | -HS- | C] () -- C:\hiberfil.sys
    [2010/04/06 19:56:21 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
    [2010/04/06 19:39:38 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
    [2010/04/06 19:35:15 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2010/04/06 19:22:53 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/04/06 18:57:25 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/02/25 17:45:19 | 000,000,632 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/01/20 19:51:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\mdvrmng.sys
    [2009/12/10 21:16:28 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/11/27 19:53:19 | 000,000,555 | ---- | C] () -- C:\Documents and Settings\Janahan\Application Data\AutoGK.ini
    [2009/06/04 18:23:03 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2009/05/28 20:18:34 | 000,002,807 | ---- | C] () -- C:\Documents and Settings\Janahan\.recently-used.xbel
    [2009/05/07 21:49:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Janahan\GPInstall.log
    [2009/04/29 21:54:48 | 000,000,023 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteConfigFile.ini
    [2009/04/29 21:54:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteShareFile.ini
    [2009/04/29 21:54:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\PCSuiteParamFile.ini
    [2009/03/01 15:20:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
    [2009/02/21 08:25:20 | 000,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2009/02/14 20:40:46 | 000,001,228 | ---- | C] () -- C:\Documents and Settings\Janahan\Local Settings\Application Data\FASTWiz.html
    [2009/02/14 20:13:13 | 000,151,150 | ---- | C] () -- C:\Documents and Settings\Janahan\Local Settings\Application Data\FASTWiz.log
    [2009/01/25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/01/09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/12/19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
    [2008/12/17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
    [2008/12/17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
    [2008/12/17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/12/17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
    [2008/12/17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
    [2008/12/15 19:00:14 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\Janahan\Sean Heslops departure.doc
    [2008/12/11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2008/10/13 11:44:54 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
    [2008/08/29 11:24:33 | 000,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
    [2008/08/29 09:56:51 | 000,019,302 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
    [2008/08/09 13:52:35 | 000,008,192 | -HS- | C] () -- C:\Documents and Settings\Janahan\Thumbs.db
    [2008/07/10 21:02:36 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Janahan\jagex_runescape_preferences.dat
    [2008/07/03 10:53:22 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\UKCpInfo.sys
    [2008/06/04 15:23:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\ae2kinst.ini
    [2008/06/04 15:23:39 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
    [2008/03/14 22:54:42 | 000,061,224 | ---- | C] () -- C:\Documents and Settings\Janahan\GoToAssistDownloadHelper.exe
    [2008/03/04 19:52:34 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2007/10/31 10:39:54 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/07/30 13:16:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2007/05/17 14:58:10 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2007/03/15 21:00:41 | 000,007,424 | ---- | C] () -- C:\WINDOWS\System32\drivers\SIODRV.SYS
    [2007/03/10 20:18:15 | 000,002,822 | ---- | C] () -- C:\Documents and Settings\Janahan\Gens.cfg
    [2007/03/10 20:17:14 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\Janahan\language.dat
    [2007/02/05 22:03:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\disney.ini
    [2007/01/08 18:23:35 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Janahan\default.pls
    [2007/01/07 23:05:04 | 000,000,182 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2007/01/07 17:24:21 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p3now.sys
    [2007/01/07 16:58:27 | 000,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv208325p1now.sys
    [2007/01/06 15:01:17 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
    [2007/01/06 15:01:17 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
    [2006/12/20 19:29:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2006/12/20 19:29:20 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2006/09/24 15:51:16 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Janahan\Application Data\BonsaiErrorLog.txt
    [2006/09/14 20:27:28 | 000,007,763 | R--- | C] () -- C:\WINDOWS\AmvPlayer.ini
    [2006/09/14 20:27:27 | 000,008,802 | R--- | C] () -- C:\WINDOWS\AmvTransform.ini
    [2006/09/14 20:27:27 | 000,007,207 | R--- | C] () -- C:\WINDOWS\Disktool.INI
    [2006/09/14 20:27:27 | 000,006,565 | R--- | C] () -- C:\WINDOWS\fwupgrade.ini
    [2006/09/14 20:27:27 | 000,003,677 | R--- | C] () -- C:\WINDOWS\SoundCon.INI
    [2006/05/28 23:17:08 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/05/16 19:32:42 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/05/05 10:17:18 | 000,005,606 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
    [2006/03/21 19:46:31 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\Janahan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/08 18:28:25 | 000,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
    [2006/01/28 21:26:29 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\Janahan\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
    [2006/01/22 14:51:29 | 000,000,015 | ---- | C] () -- C:\WINDOWS\qtw.ini
    [2006/01/21 22:40:28 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
    [2006/01/21 22:08:16 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2006/01/20 23:16:35 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6f.DLL
    [2006/01/20 17:04:08 | 004,194,441 | ---- | C] () -- C:\Documents and Settings\Janahan\Application Data\sdi.db
    [2006/01/20 09:57:26 | 000,005,852 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/01/20 09:57:26 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\C110D9D760.sys
    [2006/01/19 22:09:43 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Janahan\Local Settings\Application Data\fusioncache.dat
    [2006/01/19 22:09:42 | 013,107,200 | ---- | C] () -- C:\Documents and Settings\Janahan\NTUSER.DAT
    [2006/01/19 22:09:42 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Janahan\ntuser.dat.LOG
    [2006/01/19 22:09:42 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Janahan\ntuser.ini
    [2006/01/19 22:09:21 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
    [2006/01/19 22:09:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
    [2006/01/17 12:13:10 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/01/17 12:03:27 | 000,000,605 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/01/17 12:02:11 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/01/17 11:57:41 | 000,005,811 | R--- | C] () -- C:\WINDOWS\System32\CTSBMB.INI
    [2006/01/17 11:34:34 | 000,004,969 | ---- | C] () -- C:\WINDOWS\System32\Sigfilt.ini
    [2006/01/17 11:34:34 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/01/17 11:34:18 | 001,345,520 | ---- | C] () -- C:\WINDOWS\System32\CTMBHA.DLL
    [2006/01/17 11:33:32 | 000,000,402 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2005/05/29 02:45:43 | 000,647,168 | ---- | C] () -- C:\WINDOWS\System32\pqdvdb.dll
    [2005/04/27 13:40:30 | 000,002,572 | ---- | C] () -- C:\WINDOWS\WINDVDBOOTRECDOE.sys
    [2005/04/09 18:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/10/03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/10/15 23:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2009/08/07 21:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
    [2010/04/06 16:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2007/10/11 19:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
    [2008/04/28 19:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2010/01/20 22:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Birdstep Technology
    [2010/01/30 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
    [2007/12/31 14:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
    [2010/01/06 14:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Chat Republic Games
    [2009/07/26 22:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
    [2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
    [2009/09/05 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2007/02/09 20:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
    [2008/06/29 13:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2008/10/28 16:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    [2009/04/18 21:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MillieSoft
    [2006/03/20 20:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2009/05/17 16:54:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/03/28 21:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OrbNetworks
    [2006/01/21 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
    [2006/11/02 21:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
    [2008/06/15 17:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
    [2008/12/21 18:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/08/22 16:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/04/06 23:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/06 19:35:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2009/10/27 23:25:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/09/12 15:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
    [2009/07/10 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/08/07 21:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Acronis
    [2008/04/09 18:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\AutoTransfer
    [2008/04/28 18:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\AVG7
    [2008/08/13 19:56:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Birdstep Technology
    [2006/12/29 21:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\BitTorrent
    [2010/01/30 21:47:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\blg
    [2009/04/08 13:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Bump Technologies, Inc
    [2007/07/15 18:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Canon
    [2009/05/31 15:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\CoCreate
    [2009/10/11 23:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\EPSON
    [2006/10/20 10:58:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\eurotalk
    [2009/04/07 19:34:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Foxit
    [2009/04/21 18:57:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\GreenPrint
    [2009/05/06 22:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\gtk-2.0
    [2009/04/09 22:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\IObit
    [2006/01/20 12:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Leadertech
    [2008/12/13 15:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\LimeWire
    [2010/03/05 00:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\LogMeIn Rescue
    [2006/12/09 22:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\MatchWare
    [2009/08/27 18:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\MSNInstaller
    [2009/05/17 16:53:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\NCH Swift Sound
    [2009/09/04 17:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Opera
    [2006/01/21 10:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Otto
    [2006/11/02 21:44:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\PlayFirst
    [2007/11/03 10:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Softplicity
    [2009/05/25 11:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Sony
    [2009/10/28 23:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\SystemRequirementsLab
    [2007/02/10 12:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\temp
    [2008/10/13 12:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\uTorrent
    [2008/08/12 09:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\Viewpoint
    [2006/11/09 22:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\WholeSecurity
    [2009/11/30 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Janahan\Application Data\_MDLogs
    [2010/04/12 22:53:55 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
    [2010/04/13 06:43:59 | 000,000,396 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C1EB989-A76E-4BA0-BBF1-EAE4A1B6D84B}.job
    [2010/04/13 12:05:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9C01F1A6-D4DE-472C-B16E-C4B6574C3850}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < c:\windows\system32\drivers\*.sys /90 >
    [2010/01/21 17:39:42 | 000,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys
    [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
    [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
    [2010/02/04 16:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\drivers\Lbd.sys
    [2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
    [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    [2010/04/06 19:38:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\system32\drivers\SBREDrv.sys
    [2010/03/21 22:04:04 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3B71D0B4
    < End of report >

    Extras report following....
     
  9. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    This is the extras report:

    OTL Extras logfile created on: 13/04/2010 12:01:32 - Run 1
    OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Janahan\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 69.79 Gb Total Space | 4.43 Gb Free Space | 6.34% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    Drive F: | 465.76 Gb Total Space | 308.65 Gb Free Space | 66.27% Space Free | Partition Type: NTFS
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WINDOWSXP
    Current User Name: Janahan
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Minimal
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "12386:TCP" = 12386:TCP:*:Disabled:BitComet 12386 TCP
    "12386:UDP" = 12386:UDP:*:Disabled:BitComet 12386 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
    "C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
    "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
    "C:\Documents and Settings\Janahan\Application Data\SopCast\adv\SopAdver.exe" = C:\Documents and Settings\Janahan\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- (America Online, Inc)
    "C:\Program Files\TalkTalk\agent\bin\bcont.exe" = C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe -- (SupportSoft, Inc.)
    "C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe" = C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe" = C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe -- (SupportSoft, Inc.)
    "C:\Program Files\TalkTalk\bin\sprtcmd.exe" = C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe -- (SupportSoft, Inc.)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Orb Networks\Orb\bin\Orb.exe" = C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.)
    "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks)
    "C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe" = C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks)
    "C:\Program Files\Orb Networks\Orb\bin\xmltv.exe" = C:\Program Files\Orb Networks\Orb\bin\xmltv.exe:*:Enabled:OrbTVGuide -- ()
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe" = C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{141048B3-B8BB-11D3-9411-0000F87E1467}" = PTC ProDESKTOP 2000i2
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1A103D70-5C9B-4E1A-B306-5106C68F9914}" = Microsoft Plus! Dancer LE
    "{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{328687A2-2504-49FA-AE3E-08B0DEDB51EC}" = MSRedist
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4513F51E-3D1B-4791-B652-4C8B263ACD07}" = Samsung PC Studio 2.0 PIM & File Manager
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
    "{582E9125-32B6-4CBA-AB48-3E33CE3DB389}" = NETGEAR RangeMax(TM) Wireless USB 2.0 Adapter WPN111
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{65F6D129-8EB6-4DC1-A5C0-E5EB1C6755AB}" = INQ1 Modem
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.9
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel(R) PROSet for Wired Connections
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8D2AE3F6-79DF-423C-91CB-389F6FB5837B}" = Andrea VoiceCenter
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{99E16265-E162-43E7-B3C5-D28640E23AE9}" = PSP ISO Shrink
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A899DA1F-D626-401C-8651-F2921E3B4CB3}" = 3Connect
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B944FA21-81AF-4A77-8328-CE4F4CC51033}" = Nero 8 Demo
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9E9625A-47B5-4DED-A851-B394B51279FA}" = MatchWare OpenMind 2.0 Demo
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
    "{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
    "{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = SpeedTouch USB Software
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DA2D4D11-1811-4A24-B719-BF9F048C6106}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E80BB1C5-0BD7-4FEB-9C98-976BFC808552}" = ConnectGoV5UpdateVer2
    "{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio USB Driver Installer
    "{ECE2CA88-0A90-4D2B-A2CA-7BA8F2D34268}" = TVCatchup MCE Plugin
    "{EF87DAE1-6E6D-4255-9D01-9D2EEC9817FC}" = Mi Digi World PC Link
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
    "18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin' (remove only)
    "3448AA55E35CFBCE2DBCEED25E4046660049CDBD" = Windows Driver Package - Amoi Incorporated (INQ1usbser) Ports (01/01/2007 2.0.5.0)
    "75F6C4F084A18C2A71179397570DD3BE34BA2679" = Windows Driver Package - Amoi Incorporated (INQ1usbser) Modem (01/01/2007 2.0.5.0)
    "7-Zip" = 7-Zip 4.57
    "Ad-Aware" = Ad-Aware
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
    "BFGC" = Big Fish Games: Game Manager
    "BFG-Spa Mania" = Spa Mania
    "Bus Driver" = Bus Driver 1.0
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "Easy-WebPrint" = Easy-WebPrint
    "EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
    "Encyclopaedia Britannica 2007 Ultimate Reference Suite" = Encyclopaedia Britannica 2007 Ultimate Reference Suite
    "EPSON Scanner" = EPSON Scan
    "EPSON Stylus SX200_SX400_TX200_TX400 User’s Guide" = EPSON Stylus SX200_SX400_TX200_TX400 Manual
    "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
    "ESPNMotion" = ESPNMotion
    "ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
    "Foxit Reader" = Foxit Reader
    "HijackThis" = HijackThis 2.0.2
    "Huawei Modems" = Huawei Modems
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Key Stage Maths Invaders V1.0_is1" = Key Stage Maths Invaders V1.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Messenger Plus! Live" = Messenger Plus! Live
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monopoly Junior" = Monopoly Junior
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MT882" = MT882
    "N360" = Norton 360
    "NetMeter_is1" = NetMeter 1.1.3
    "Network Stumbler" = Network Stumbler 0.4.0 (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Orb" = Orb
    "PE Builder_is1" = PE Builder 3.1.10a
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "PSP Grader" = PSP Grader v006 - Lite
    "PSP Video 9" = PSP Video 9 2.25
    "SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
    "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
    "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
    "Secunia PSI" = Secunia PSI
    "Shockwave" = Shockwave
    "Smart Defrag_is1" = Smart Defrag 1.20
    "SopCast" = SopCast 1.1.2
    "SopCore" = SopCore 1.0.1
    "Sound Blaster Audigy ADVANCED MB Product Registration" = Sound Blaster Audigy ADVANCED MB Product Registration
    "SpeedFan" = SpeedFan (remove only)
    "SpywareBlaster_is1" = SpywareBlaster 4.2
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SystemRequirementsLab" = System Requirements Lab
    "TagScanner_is1" = TagScanner 5.1 build 555
    "Taskbar Shuffle_is1" = Taskbar Shuffle version 2.5
    "VobSub" = VobSub v2.23 (Remove Only)
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wii Video 9" = Wii Video 9 2.25
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XP Codec Pack" = XP Codec Pack
    "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
    "Yahoo! Widget Engine" = Yahoo! Widgets

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/04/2010 12:57:09 | Computer Name = WINDOWSXP | Source = ESENT | ID = 455
    Description = wuaueng.dll (3064) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/04/2010 12:58:38 | Computer Name = WINDOWSXP | Source = ESENT | ID = 489
    Description = wuauclt (2060) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/04/2010 12:58:38 | Computer Name = WINDOWSXP | Source = ESENT | ID = 455
    Description = wuaueng.dll (2060) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/04/2010 12:58:49 | Computer Name = WINDOWSXP | Source = ESENT | ID = 489
    Description = wuauclt (2060) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/04/2010 12:58:49 | Computer Name = WINDOWSXP | Source = ESENT | ID = 455
    Description = wuaueng.dll (2060) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/04/2010 13:00:08 | Computer Name = WINDOWSXP | Source = ESENT | ID = 489
    Description = wuauclt (1692) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/04/2010 13:00:08 | Computer Name = WINDOWSXP | Source = ESENT | ID = 455
    Description = wuaueng.dll (1692) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/04/2010 13:00:19 | Computer Name = WINDOWSXP | Source = ESENT | ID = 489
    Description = wuauclt (1692) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
    for read only access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 12/04/2010 13:00:19 | Computer Name = WINDOWSXP | Source = ESENT | ID = 455
    Description = wuaueng.dll (1692) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
    occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

    Error - 12/04/2010 17:49:45 | Computer Name = WINDOWSXP | Source = VSS | ID = 5013
    Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
    called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
    to 0x800423f4).

    [ OSession Events ]
    Error - 19/05/2007 09:37:07 | Computer Name = WINDOWSXP | Source = Microsoft Office 12 Sessions | ID = 7001
    Description =

    [ System Events ]
    Error - 12/04/2010 15:43:29 | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/04/2010 17:42:22 | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 12/04/2010 17:46:33 | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service COMSysApp with
    arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}

    Error - 12/04/2010 17:46:49 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7000
    Description = The npkcrypt service failed to start due to the following error: %%2

    Error - 12/04/2010 17:46:49 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7000
    Description = The SIODRV service failed to start due to the following error: %%2001

    Error - 12/04/2010 17:46:49 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the COM+ System Application
    service to connect.

    Error - 12/04/2010 17:46:49 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7000
    Description = The COM+ System Application service failed to start due to the following
    error: %%1053

    Error - 12/04/2010 17:49:39 | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service ntmssvc with
    arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}

    Error - 12/04/2010 17:56:58 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7031
    Description = The Apple Mobile Device service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
    Restart the service.

    Error - 12/04/2010 17:57:01 | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7034
    Description = The Creative Labs Licensing Service service terminated unexpectedly.
    It has done this 1 time(s).


    < End of report >


    Thank you in advance
     
  10. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    You still have a rootkit-infected driver on your system.

    Now that some of the malware has been removed, I'd like you to retry GMER to properly identify the infected driver.

    Please uncheck the boxes beside IAT/EAT, Files and Show all.

    Try it in Safe Mode if it continues to crash.

    Try and save the initial scan that GMER runs, or note the driver name in the window for anything that says "suspicious modification".
     
  11. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Hi, thanks for the swift reply. I will try and get something posted ASAP. Thanks in advance.
     
  12. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Hi, below is the GMER file, which ran well in Safe Mode, completing first time:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-04-14 13:49:03
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Janahan\LOCALS~1\Temp\uwlyypog.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    ? SYMDS.SYS The system cannot find the file specified. !
    ? SYMEFA.SYS The system cannot find the file specified. !
    .rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xF76A2F94]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
    .text C:\WINDOWS\system32\svchost.exe[676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\system32\svchost.exe[676] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0098000C
    .text C:\WINDOWS\Explorer.EXE[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B6000A
    .text C:\WINDOWS\Explorer.EXE[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C0000A
    .text C:\WINDOWS\Explorer.EXE[1112] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device B9BBED20

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device -> \Driver\atapi \Device\Harddisk0\DR0 8AF80AC8

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CEEB925-2C47-EB23-D82A-92BC71177E8F}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CEEB925-2C47-EB23-D82A-92BC71177E8F}@iacfkncdmjgojkoopp 0x6A 0x61 0x67 0x6D ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9CEEB925-2C47-EB23-D82A-92BC71177E8F}@hameennbkmjfhffp 0x6A 0x61 0x67 0x6D ...

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification
    File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

    ---- EOF - GMER 1.0.15 ----


    Thanks in advance
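As an added example (not part of the thread, and not code from GMER or from the helper): a small Python triage script for the GMER log format posted above. It picks out what CatByte asked the poster to note, the files GMER marks "suspicious modification" and the inline hooks in svchost.exe and Explorer.EXE, and sets them beside the entry-point and device entries that belong to the same finding. The sample log is constructed from the excerpt above; MODULE_SPAN is an assumed heuristic threshold, not a GMER setting.

```python
"""Triage a GMER rootkit-scan log: pull out the entries a helper asks a poster
to report back (files marked "suspicious modification", drivers whose entry
point was moved into .rsrc, user-mode inline hooks, SSDT hooks)."""
import re
from collections import defaultdict

# Constructed sample: the relevant lines of the GMER log posted in the thread.
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
---- System - GMER 1.0.15 ----
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\DRIVERS\redbook.sys entry point in ".rsrc" section [0xF76A2F94]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[676] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0099000A
.text C:\WINDOWS\system32\svchost.exe[676] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009A000A
.text C:\WINDOWS\Explorer.EXE[1112] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B5000C
---- Devices - GMER 1.0.15 ----
Device -> \Driver\atapi \Device\Harddisk0\DR0 8AF80AC8
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\DRIVERS\redbook.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

HEX = r"([0-9A-Fa-f]+)"
PATTERNS = {
    "ssdt_hooks": re.compile(r"^SSDT\s+(\S+)\s+\((.*?)\)\s+(\w+)\s+\[0x" + HEX + r"\]$"),
    "entry_point_anomalies": re.compile(r'^\.rsrc\s+(.+?)\s+entry point in "\.rsrc" section \[0x' + HEX + r"\]$"),
    "user_hooks": re.compile(r"^\.text\s+(.+?)\[(\d+)\]\s+(\S+)!(\S+)\s+" + HEX + r"\s+(\d+)\s+Bytes\s+JMP\s+" + HEX + "$"),
    "device_redirects": re.compile(r"^Device -> (\\\S+)\s+(\\\S+)\s+" + HEX + "$"),
    "suspicious_files": re.compile(r"^File\s+(.+?)\s+suspicious modification$"),
}

# Assumed heuristic: ntdll.dll on 32-bit XP is well under 1 MB, so a 5-byte
# JMP whose target is further away than this cannot land inside the patched DLL.
MODULE_SPAN = 0x100000


def _record(kind, m):
    """Turn a regex match into a finding dict for the given kind."""
    g = m.groups()
    if kind == "ssdt_hooks":  # vendor string tells you whether this is a security product
        return {"driver": g[0], "vendor": g[1], "function": g[2], "handler": int(g[3], 16)}
    if kind == "entry_point_anomalies":
        return {"path": g[0], "entry": int(g[1], 16)}
    if kind == "user_hooks":
        addr, target = int(g[4], 16), int(g[6], 16)
        return {"process": g[0], "pid": int(g[1]), "module": g[2], "function": g[3],
                "address": addr, "patch_len": int(g[5]), "target": target,
                "leaves_module": abs(target - addr) > MODULE_SPAN}
    if kind == "device_redirects":
        return {"driver": g[0], "device": g[1], "object": int(g[2], 16)}
    return g[0]  # suspicious_files: just the path

def triage(log_text):
    """Parse a GMER log into {kind: [finding, ...]}; unmatched lines are ignored."""
    findings = {kind: [] for kind in PATTERNS}
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS.items():
            m = pattern.match(line)
            if m:
                findings[kind].append(_record(kind, m))
                break
    return findings

def drivers_to_report(findings):
    """Driver file names to hand back: anything GMER marks as modified or
    whose entry point sits in .rsrc (both point at the same patched driver)."""
    names = {p.rsplit("\\", 1)[-1].lower() for p in findings["suspicious_files"]}
    names |= {f["path"].rsplit("\\", 1)[-1].lower() for f in findings["entry_point_anomalies"]}
    return sorted(names)

def hooks_by_process(findings):
    """PID -> hooked function names, in log order."""
    out = defaultdict(list)
    for h in findings["user_hooks"]:
        out[h["pid"]].append(h["function"])
    return dict(out)

def summarize(findings):
    """One-screen summary a poster could paste back into the thread."""
    lines = ["Drivers to report back: " + ", ".join(drivers_to_report(findings))]
    for h in findings["user_hooks"]:
        where = "outside the patched DLL" if h["leaves_module"] else "within the DLL"
        lines.append("  inline hook in %s[%d]: %s!%s -> %08X (%s)"
                     % (h["process"], h["pid"], h["module"], h["function"], h["target"], where))
    for d in findings["device_redirects"]:
        lines.append("  %s is served through %s; compare with the Files section" % (d["device"], d["driver"]))
    for s in findings["ssdt_hooks"]:
        lines.append("  SSDT %s handled by %s (%s)" % (s["function"], s["driver"], s["vendor"]))
    return "\n".join(lines)

if __name__ == "__main__":
    print(summarize(triage(SAMPLE_LOG)))
```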
     
  13. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following;

    Very Important! - Delete the copy of ComboFix that you have on your desktop and download a fresh copy


    Link 1

    Now do the following:

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
    • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    Copy/paste the text inside the Codebox below into notepad:

    Here's how to do that:
    Click Start > Run, type Notepad, and click OK.
    This will open an empty notepad file:

    Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

    Code:
    TDL::
    C:\WINDOWS\system32\DRIVERS\redbook.sys 
    
    Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

    Save this file to your desktop. Save it as "CFScript".

    Here's how to do that:

    1. Click File;
    2. Click Save As... Change the directory to your desktop;
    3. Change the Save as type to "All Files";
    4. Type in the file name: CFScript
    5. Click Save ...

    [screenshot]

    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you.
    • Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
     
  14. chunkylover53

    chunkylover53 Thread Starter

    Joined:
    Apr 10, 2010
    Messages:
    102
    Well, basically I ran the exact instructions, which resulted in 2 restarts after the ComboFix program said a rootkit was detected. Then, after it had probably been cleaned, it said not to open any programs while it was preparing a log report. I left it on overnight, but when I checked on it in the morning there was an error box stating that the registry editor was unavailable due to disk removal etc. Thus the ComboFix program never prepared a log file. Shall I attach another log report from ComboFix or use other programs?

    Thank you in advance

    EDIT : I still have 9 svchost.exe processes running
     
  15. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    svchost.exe is a generic process used by other legit programs too. I have seven running at the moment, so that in itself is not a concern.

    How is the computer behaving?

    Please look in C:\combofix.txt and see if a log was generated.


    If not, run ComboFix again, without the script this time, and wait till a log is generated.
     
Short URL to this thread: https://techguy.org/916013
