Google/Firefox Search Redirects


15 replies to this topic

#1 AprilK

AprilK

  • Members
  • 8 posts

Posted 01 November 2010 - 06:21 AM

Sometimes when I do a search on Google with Firefox it redirects me to another website.

It first happened a number of months ago and I found that Malwarebytes couldn't find it. So I downloaded and installed Microsoft Security Essentials (MSE). I was then able to get rid of the virus with MSE.

A few weeks ago I then got a nasty virus that pretended to be MSE and told me it couldn't clean up the virus and that I should download some other AV. So I did that and realized it was just a virus.

So I had to download and run SUPERAntiSpyware. That dealt with the problem.

However now I'm still having problems with the Google/Firefox redirects. It doesn't happen all the time, but to test it I searched for "payday loan", clicked on "www.badcreditgoodsolutions.co.uk/payday-loans.asp" and got sent to "paydaybank.co.uk".

As far as I can tell the problem doesn't happen when using Internet Explorer.

I have tried a number of times to run GMER however it freezes at some point before, during or after the scan so I can't post the results here.

Thanks in advance!
April

DDS (Ver_10-10-21.02) - NTFSx86
Run by April at 15:42:40.54 on 29/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.204 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TalkTalkSupportCentre\bin\sprtsvc.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TalkTalkSupportCentre\bin\tgsrvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\April\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mytalktalk.co.uk/
uSearch Page = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
uSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall
mRun: [DSLSTATEXE] c:\program files\d-link\dsl-200\dslstat.exe icon
mRun: [DSLAGENTEXE] c:\program files\d-link\dsl-200\dslagent.exe
mRun: [TalkTalkDA] "c:\program files\talktalksupportcentre\bin\sprtcmd.exe" /P TalkTalkDA
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\progra~1\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?LinkID=39204
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277905964450
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277905877809
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\april\applic~1\mozilla\firefox\profiles\35rvxepc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - component: c:\documents and settings\april\application data\mozilla\firefox\profiles\35rvxepc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\april\application data\mozilla\firefox\profiles\35rvxepc.default\extensions\twitternotifier@naan.net\platform\winnt\components\nsTwitterFoxSign.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {0877C73E-1A86-4CC6-B7B5-37F455A4370C} - c:\documents and settings\april\local settings\application data\{0877c73e-1a86-4cc6-b7b5-37f455a4370c}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
S0 bxyduk;bxyduk; [x]
S2 gupdate1c9936d62cb9fc0;Google Update Service (gupdate1c9936d62cb9fc0);c:\program files\google\update\GoogleUpdate.exe [2009-2-20 133104]

=============== Created Last 30 ================

2010-10-29 14:35:22 6146896 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{f0eb60e3-091d-49e9-b814-4a647d689352}\mpengine.dll
2010-10-21 15:33:45 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-21 15:33:45 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 15:33:45 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-13 09:01:35 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 09:01:35 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 09:01:34 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 09:00:53 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2010-10-01 10:20:56 -------- d-----w- c:\docume~1\april\locals~1\applic~1\Zipeg
2010-09-29 22:03:43 -------- d-----w- c:\program files\Thingamablog
2010-09-29 21:02:27 -------- d-----w- c:\windows\system32\scripting
2010-09-29 21:02:26 -------- d-----w- c:\windows\l2schemas
2010-09-29 21:02:25 -------- d-----w- c:\windows\system32\en
2010-09-29 21:02:25 -------- d-----w- c:\windows\system32\bits
2010-09-29 20:55:15 -------- d-----w- c:\windows\network diagnostic
2010-09-29 20:50:09 -------- d-----w- c:\windows\EHome
2010-09-29 16:32:27 28672 ----a-r- C:\setupSNK.exe
2010-09-29 16:27:53 -------- d-----w- c:\windows\tracing
2010-09-29 16:24:51 -------- d-----w- C:\temp

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-04 12:45:50 6528 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-20 14:32:53 0 ----a-w- c:\windows\Vlokerokonib.bin
2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-04-10 15:55:44 73094 ----a-w- c:\program files\uninst_1.exe
2010-04-10 15:55:44 73094 ----a-w- c:\program files\uninst.exe
2009-11-28 08:08:02 28 ----a-w- c:\program files\run_1.bat
2009-11-28 08:08:02 28 ----a-w- c:\program files\run.bat
2009-11-28 08:08:02 166400 ----a-w- c:\program files\tamb_1.exe
2009-11-28 08:08:02 166400 ----a-w- c:\program files\tamb.exe
2009-11-28 08:07:58 411090 ----a-w- c:\program files\xstream-1.3.jar
2009-07-06 12:05:56 336 ----a-w- c:\program files\temp995.bat

============= FINISH: 15:46:03.06 ===============


#2 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 08 November 2010 - 07:50 AM

Hello AprilK

Welcome to BleepingComputer :)
==========================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

Note - You may get this warning. It is ok, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 AprilK

AprilK
  • Topic Starter

  • Members
  • 8 posts

Posted 08 November 2010 - 09:23 AM

Thanks for the reply. It seems that rootkit.com is down so I can't download Rootkit Unhooker. So here are the results of the OTL report:

OTL logfile created on: 08/11/2010 14:06:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\April\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 20.55 Gb Free Space | 60.12% Space Free | Partition Type: NTFS

Computer Name: DELL_INSP | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
PRC - [2010/10/29 08:58:20 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 08:58:08 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 08:56:45 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/10/19 08:31:22 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/10 08:04:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprtsvc.exe
PRC - [2010/05/10 08:04:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\tgsrvc.exe
PRC - [2010/05/10 08:04:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprtcmd.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/09/27 10:05:58 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/04/16 13:38:39 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/12/15 09:44:40 | 000,839,680 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/09/09 22:19:34 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/26 20:19:00 | 000,356,352 | ---- | M] (D-Link, Inc.) -- C:\Program Files\D-Link\DSL-200\DslStat.exe
PRC - [2005/07/26 20:19:00 | 000,016,384 | ---- | M] () -- C:\Program Files\D-Link\DSL-200\dslagent.exe
PRC - [2003/10/29 01:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/10 08:04:16 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprthook.dll
MOD - [2008/04/14 00:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/10 08:04:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalkSupportCentre\bin\sprtsvc.exe -- (sprtsvc_talktalkda) SupportSoft Sprocket Service (talktalkda)
SRV - [2010/05/10 08:04:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalkSupportCentre\bin\tgsrvc.exe -- (tgsrvc_talktalkda) SupportSoft Repair Service (talktalkda)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 16:22:52 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 18:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 18:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/16 13:38:43 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/04/10 08:46:36 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcasp50.sys -- (PCASp50)
DRV - [2006/03/27 14:02:06 | 000,074,752 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 03:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 22:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 02:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/26 20:17:00 | 000,150,369 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwausb.sys -- (wanusb) D-Link DSL-200 USB ADSL Modem(WAN)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfhwazl.sys -- (HSFHWAZL)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sp/*http://uk.search.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.talktalk.co.uk [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: " http://www.mytalktalk.co.uk"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.1.43
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.5
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.8
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: {0877C73E-1A86-4CC6-B7B5-37F455A4370C}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 16:24:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}: C:\Documents and Settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}\ [2010/09/20 14:32:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 08:58:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:58:43 | 000,000,000 | ---D | M]

[2009/01/20 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Extensions
[2010/11/06 12:49:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions
[2010/07/02 09:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 07:48:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/22 09:59:49 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/10/15 14:20:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/18 16:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\beta@linkdiagnosis.com
[2009/01/22 11:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/11 09:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\rankchecker@seobook.com
[2010/09/14 09:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\seo4firefox@seobook.com
[2010/11/03 08:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\twitternotifier@naan.net
[2010/11/07 12:56:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/21 15:33:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/12/10 09:32:56 | 000,091,520 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
[2010/10/21 15:33:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/04/15 12:40:19 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/09/10 08:52:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/10 08:52:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/10 08:52:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/10 08:52:05 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe (D-Link, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TalkTalkDA] C:\Program Files\TalkTalkSupportCentre\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277905964450 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277905877809 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/08 13:05:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
[2010/10/21 15:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/21 15:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/21 15:33:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/21 15:33:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/21 15:33:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/21 15:33:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/21 15:33:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/21 15:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/13 09:01:35 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/13 09:01:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 09:01:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 09:00:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/09/29 09:26:05 | 000,411,090 | ---- | C] (Microsoft Corporation) -- C:\Program Files\xstream-1.3.jar
[2010/09/22 19:48:56 | 000,166,400 | ---- | C] (Bob Tantlinger) -- C:\Program Files\tamb.exe
[2010/08/02 14:52:12 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\tamb_1.exe
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/08 14:05:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/08 13:38:10 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
[2010/11/08 12:40:28 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\April\Desktop\BookmarkingDemon 5.lnk
[2010/11/08 10:08:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/08 10:07:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/11/08 09:59:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/08 09:56:59 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/08 09:56:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/08 09:56:14 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/31 10:38:07 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 10:38:06 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 12:15:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\April\defogger_reenable
[2010/10/21 15:33:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/21 15:33:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/21 15:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/21 15:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/21 15:33:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/19 20:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 09:12:35 | 000,000,019 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CTDChannels_Version.cd27244d.cdf
[2010/10/14 13:31:55 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 19:04:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 09:11:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/29 12:15:09 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\April\defogger_disable.log
[2010/10/29 12:15:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\April\defogger_reenable
[2010/10/13 09:11:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/29 17:37:32 | 000,000,518 | ---- | C] () -- C:\Program Files\Thingamablog
[2010/09/29 10:11:38 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog
[2010/09/29 09:26:07 | 000,730,518 | ---- | C] () -- C:\Program Files\sunsets_and_oceans.zip
[2010/09/29 09:26:07 | 000,243,786 | ---- | C] () -- C:\Program Files\sunshine.zip
[2010/09/29 09:26:07 | 000,076,485 | ---- | C] () -- C:\Program Files\tech_blog.zip
[2010/09/29 09:26:07 | 000,008,413 | ---- | C] () -- C:\Program Files\titanium_gold.zip
[2010/09/29 09:26:07 | 000,000,520 | ---- | C] () -- C:\Program Files\user.xml
[2010/09/29 09:26:06 | 001,345,060 | ---- | C] () -- C:\Program Files\my_thoughts.zip
[2010/09/29 09:26:06 | 000,480,589 | ---- | C] () -- C:\Program Files\nature.zip
[2010/09/29 09:26:06 | 000,267,351 | ---- | C] () -- C:\Program Files\poetry.zip
[2010/09/29 09:26:06 | 000,021,771 | ---- | C] () -- C:\Program Files\kubrick.zip
[2010/09/29 09:26:06 | 000,009,015 | ---- | C] () -- C:\Program Files\slashdot_classic.zip
[2010/09/29 09:26:06 | 000,008,232 | ---- | C] () -- C:\Program Files\mac_stripe.zip
[2010/09/29 09:26:06 | 000,008,023 | ---- | C] () -- C:\Program Files\lovingrey.zip
[2010/09/29 09:26:06 | 000,008,015 | ---- | C] () -- C:\Program Files\plain_jane.zip
[2010/09/29 09:26:05 | 000,206,733 | ---- | C] () -- C:\Program Files\be_green.zip
[2010/09/29 09:26:05 | 000,200,244 | ---- | C] () -- C:\Program Files\inove.zip
[2010/09/29 09:26:05 | 000,100,738 | ---- | C] () -- C:\Program Files\auroral.zip
[2010/09/29 09:26:05 | 000,019,379 | ---- | C] () -- C:\Program Files\bubblegum.zip
[2010/09/29 09:26:05 | 000,008,101 | ---- | C] () -- C:\Program Files\clean.zip
[2010/09/29 09:26:05 | 000,008,095 | ---- | C] () -- C:\Program Files\boxed_green.zip
[2010/09/29 09:26:05 | 000,008,052 | ---- | C] () -- C:\Program Files\gettysburg.zip
[2010/09/29 09:26:05 | 000,008,052 | ---- | C] () -- C:\Program Files\georgia_blue.zip
[2010/09/29 09:26:04 | 001,269,047 | ---- | C] () -- C:\Program Files\swingx-1.0.jar
[2010/09/29 09:26:04 | 000,558,370 | ---- | C] () -- C:\Program Files\userguide.zip
[2010/09/29 09:26:04 | 000,218,623 | ---- | C] () -- C:\Program Files\swingx-beaninfo-1.0.jar
[2010/09/29 09:26:04 | 000,097,005 | ---- | C] () -- C:\Program Files\xmlrpc-2.0.jar
[2010/09/29 09:26:04 | 000,024,956 | ---- | C] () -- C:\Program Files\xpp3_min-1.1.4c.jar
[2010/09/29 09:26:02 | 000,863,551 | ---- | C] () -- C:\Program Files\SHEF.jar
[2010/09/29 09:26:02 | 000,285,275 | ---- | C] () -- C:\Program Files\sam.jar
[2010/09/29 09:26:01 | 000,347,137 | ---- | C] () -- C:\Program Files\mail.jar
[2010/09/29 09:26:01 | 000,219,305 | ---- | C] () -- C:\Program Files\novaworx-syntax-0.0.7.jar
[2010/09/29 09:26:01 | 000,053,561 | ---- | C] () -- C:\Program Files\lang_es.zip
[2010/09/29 09:26:00 | 000,588,596 | ---- | C] () -- C:\Program Files\jhall.jar
[2010/09/29 09:26:00 | 000,249,028 | ---- | C] () -- C:\Program Files\jtidy-8.0.jar
[2010/09/29 09:26:00 | 000,100,875 | ---- | C] () -- C:\Program Files\jsch.jar
[2010/09/29 09:26:00 | 000,076,901 | ---- | C] () -- C:\Program Files\jmyspell-core-1.0.0-beta-2.jar
[2010/09/29 09:26:00 | 000,075,319 | ---- | C] () -- C:\Program Files\jmyspell-swing-1.0.0-beta-2.jar
[2010/09/29 09:26:00 | 000,008,502 | ---- | C] () -- C:\Program Files\jhelpaction.jar
[2010/09/29 09:25:59 | 000,699,936 | ---- | C] () -- C:\Program Files\hsqldb.jar
[2010/09/29 09:25:59 | 000,153,253 | ---- | C] () -- C:\Program Files\jdom.jar
[2010/09/29 09:25:59 | 000,003,434 | ---- | C] () -- C:\Program Files\hypersonic_lic.txt
[2010/09/29 09:25:59 | 000,001,602 | ---- | C] () -- C:\Program Files\hsqldb_lic.txt
[2010/09/29 09:25:58 | 000,166,354 | ---- | C] () -- C:\Program Files\edtftpj.jar
[2010/09/29 09:25:58 | 000,090,556 | ---- | C] () -- C:\Program Files\commons-net-ftp-2.0.0.jar
[2010/09/29 09:25:58 | 000,017,471 | ---- | C] () -- C:\Program Files\datatips.jar
[2010/09/29 09:25:57 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1.jar
[2010/09/29 09:25:57 | 000,360,047 | ---- | C] () -- C:\Program Files\commons-net-2.0.0-sources.jar
[2010/09/29 09:25:57 | 000,261,809 | ---- | C] () -- C:\Program Files\commons-lang-2.4.jar
[2010/09/29 09:25:57 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3.jar
[2010/09/29 09:25:56 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3.jar
[2010/09/29 09:25:56 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US.zip
[2010/09/29 09:25:56 | 000,054,829 | ---- | C] () -- C:\Program Files\activation.jar
[2010/09/29 09:25:56 | 000,011,326 | ---- | C] () -- C:\Program Files\apache.txt
[2010/09/29 09:25:55 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog.jar
[2010/09/29 09:25:54 | 000,005,695 | ---- | C] () -- C:\Program Files\license.txt
[2010/09/29 09:25:54 | 000,000,955 | ---- | C] () -- C:\Program Files\README.TXT
[2010/09/22 19:48:58 | 000,000,520 | ---- | C] () -- C:\Program Files\user_1.xml
[2010/09/22 19:48:57 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1_1.jar
[2010/09/22 19:48:57 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3_1.jar
[2010/09/22 19:48:57 | 000,261,809 | ---- | C] () -- C:\Program Files\commons-lang-2.4_1.jar
[2010/09/22 19:48:57 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3_1.jar
[2010/09/22 19:48:56 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog_1.jar
[2010/09/22 19:48:56 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US_1.zip
[2010/09/22 19:48:56 | 000,073,094 | ---- | C] () -- C:\Program Files\uninst.exe
[2010/09/22 19:48:56 | 000,054,829 | ---- | C] () -- C:\Program Files\activation_1.jar
[2010/09/22 19:48:56 | 000,011,326 | ---- | C] () -- C:\Program Files\apache_1.txt
[2010/09/22 19:48:56 | 000,000,659 | ---- | C] () -- C:\Program Files\en_US.per
[2010/09/22 19:48:56 | 000,000,212 | ---- | C] () -- C:\Program Files\TAMBL4~1.INI
[2010/09/22 19:48:56 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog_1.url
[2010/09/22 19:48:56 | 000,000,028 | ---- | C] () -- C:\Program Files\run.bat
[2010/08/04 08:04:25 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog_2.url
[2010/08/02 14:52:12 | 000,073,094 | ---- | C] () -- C:\Program Files\uninst_1.exe
[2010/08/02 14:11:44 | 000,000,520 | ---- | C] () -- C:\Program Files\user_2.xml
[2010/08/02 14:11:34 | 000,588,596 | ---- | C] () -- C:\Program Files\jhall_1.jar
[2010/08/02 14:11:33 | 000,699,936 | ---- | C] () -- C:\Program Files\hsqldb_1.jar
[2010/08/02 14:11:30 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1_2.jar
[2010/08/02 14:11:30 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3_2.jar
[2010/08/02 14:11:30 | 000,054,829 | ---- | C] () -- C:\Program Files\activation_2.jar
[2010/08/02 14:11:30 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3_2.jar
[2010/08/02 14:11:30 | 000,011,326 | ---- | C] () -- C:\Program Files\apache_2.txt
[2010/08/02 14:11:29 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog_2.jar
[2010/08/02 14:11:29 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US_2.zip
[2010/08/02 14:11:29 | 000,000,659 | ---- | C] () -- C:\Program Files\en_US_1.per
[2010/08/02 14:11:24 | 000,000,212 | ---- | C] () -- C:\Program Files\TAMBL4~1_1.INI
[2010/08/02 14:11:24 | 000,000,028 | ---- | C] () -- C:\Program Files\run_1.bat
[2010/07/15 19:12:15 | 000,096,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/08 10:26:45 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\April\Application Data\qcopjv.dat
[2010/04/10 16:05:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\prvlcl.dat
[2010/01/27 16:22:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/01/27 16:22:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/27 16:22:20 | 000,002,535 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2009/10/16 11:14:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/14 15:13:19 | 003,325,578 | ---- | C] () -- C:\Program Files\bmdoperationguide.pdf
[2009/10/06 22:33:44 | 000,758,239 | ---- | C] () -- C:\Program Files\bmdultimateguide.pdf
[2009/07/06 12:05:56 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2009/04/29 14:00:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/16 14:11:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/04/15 13:55:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/04/15 13:52:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/04/15 13:52:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/04/08 12:01:48 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 22:42:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7J.DLL
[2009/01/20 20:49:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009/01/20 20:49:21 | 000,016,308 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/11/17 22:24:06 | 000,066,046 | ---- | C] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico
[2006/04/27 08:44:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/26 18:21:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\fusioncache.dat
[2006/04/26 16:30:23 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\52EA0ECA34.sys
[2006/04/26 16:30:16 | 000,006,528 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/16 13:46:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/16 13:42:15 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/16 13:31:04 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/16 13:09:20 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/04/16 13:08:44 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys.bak

========== LOP Check ==========

[2010/06/29 17:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/21 22:42:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/21 12:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magic Submitter
[2006/04/26 17:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3C.tmp
[2010/01/27 16:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/04/15 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/29 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/28 17:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TalkTalk
[2010/11/03 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/16 13:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/31 10:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer
[2010/09/20 18:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Apgyu
[2010/05/14 10:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\com.zipeg
[2010/11/03 15:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\FileZilla
[2009/04/15 12:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Foxit
[2010/07/11 19:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Foxit Software
[2009/12/22 10:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\gizmotronix
[2009/04/23 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\gtk-2.0
[2009/04/16 07:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\KompoZer
[2006/04/26 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Leadertech
[2006/07/17 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Learn2.com
[2010/09/20 18:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Ogimm
[2009/04/15 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\pdf995
[2006/04/26 19:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Template
[2010/07/15 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\ubot
[2010/10/01 10:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Zipeg
[2010/11/08 10:08:22 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD3AF4B3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65859BC2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4307796
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE2B4A65
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC320C7

< End of report >

OTL Extras logfile created on: 08/11/2010 14:06:04 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\April\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 135.00 Mb Available Physical Memory | 27.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 20.55 Gb Free Space | 60.12% Space Free | Partition Type: NTFS

Computer Name: DELL_INSP | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\April\Desktop\internet marketing\kompozer-0.7.10-win32\KompoZer 0.7.10\kompozer.exe" = C:\Documents and Settings\April\Desktop\internet marketing\kompozer-0.7.10-win32\KompoZer 0.7.10\kompozer.exe:*:Enabled:Composer -- File not found
"C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe" = C:\Program Files\wamp\bin\apache\Apache2.2.11\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\wamp\bin\apache\Apache2.2.10\bin\httpd.exe" = C:\Program Files\wamp\bin\apache\Apache2.2.10\bin\httpd.exe:*:Enabled:Apache HTTP Server -- File not found
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Alexandr Krulik\Magic Submitter\MagicSubmitter.exe" = C:\Program Files\Alexandr Krulik\Magic Submitter\MagicSubmitter.exe:*:Enabled:MagicSubmitter -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020B98A8-6D1F-491E-B7CF-BD525CAF452F}" = Linkword Italian
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1AFAE2EB-BC93-4B28-9C7C-004BBF974E3C}" = BT Voyager Wireless Utility
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{27A9D9DD-CF34-4FF3-80D2-090983A72089}" = MyStarterBlog
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{31ACB2BD-3C87-4B56-9CD4-CCA25D98F390}" = GFX Writer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C48C6BB-A6A1-4536-A622-34C1899ECFE3}" = ArticleBot
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50841016-B422-459A-9D92-CEC6A38FAE4F}" = DirectoryBot
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{7387442F-CB81-4775-96FA-C038CF479C3E}" = Magic Tokens Database 2.0
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{BEDE6836-8ED5-4444-B895-CE54968CFC4C}" = Magic Article Rewriter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D93E970F-5B4B-4BE6-89CB-E46963E3B1E4}" = DupeFree Pro
"{D980FF5B-AC29-44DE-B0EF-5AFD964965D7}" = RSSBot
"{DA898F5C-4C85-4CF4-825B-E05D07DC39DD}" = BT Email Configuration Tool
"{DB931849-AA24-4EFA-813A-D100617055D0}" = Blog Content Wizard
"{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}" = Dell Mobile Broadband Card Utility
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AllSubmitter_is1" = AllSubmitter 6.03
"AnswerAnalyst" = AnswerAnalyst
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"BT Yahoo! Applications" = BT Yahoo! Applications
"BTHomeHub" = BTHomeHub
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"DSL-200 DSL Modem" = DSL-200 DSL Modem
"FileZilla Client" = FileZilla Client 3.3.4.1
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"Free RAR Extract Frog 1.00" = Free RAR Extract Frog 1.00
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PLR Dashboard_is1" = PLR Dashboard 1.0
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TalkTalkSupportCentre_is1" = TalkTalk Support Centre
"Thingamablog" = Thingamablog 1.5.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Zipeg" = Zipeg

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2010 06:29:06 | Computer Name = DELL_INSP | Source = Google Update | ID = 20
Description =

Error - 07/10/2010 13:30:43 | Computer Name = DELL_INSP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6201.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 13/10/2010 05:10:56 | Computer Name = DELL_INSP | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 21/10/2010 12:43:08 | Computer Name = DELL_INSP | Source = Application Hang | ID = 1002
Description = Hanging application MagicArticleRewriter.exe, version 1.0.0.3, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/10/2010 12:43:23 | Computer Name = DELL_INSP | Source = Application Hang | ID = 1001
Description = Fault bucket 1336959492.

Error - 31/10/2010 08:48:06 | Computer Name = DELL_INSP | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 04/11/2010 11:24:14 | Computer Name = DELL_INSP | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 08/11/2010 06:02:20 | Computer Name = DELL_INSP | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 08/11/2010 06:28:12 | Computer Name = DELL_INSP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6301.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 08/11/2010 06:28:45 | Computer Name = DELL_INSP | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6301.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 04/11/2010 05:54:56 | Computer Name = DELL_INSP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001422A1ACC0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/11/2010 05:56:30 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 04/11/2010 07:36:11 | Computer Name = DELL_INSP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001422A1ACC0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 04/11/2010 11:07:20 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 05/11/2010 06:34:00 | Computer Name = DELL_INSP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001422A1ACC0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/11/2010 06:35:32 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 06/11/2010 07:57:31 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 07/11/2010 06:30:00 | Computer Name = DELL_INSP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001422A1ACC0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 07/11/2010 06:31:30 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3

Error - 08/11/2010 05:57:57 | Computer Name = DELL_INSP | Source = Service Control Manager | ID = 7000
Description = The McciCMService service failed to start due to the following error:
%%3


< End of report >

#4 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:20 PM

Posted 08 November 2010 - 10:23 AM

Please run this one instead.
Download this file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.

#5 AprilK

AprilK
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:20 PM

Posted 08 November 2010 - 12:09 PM

I've tried to run GMER twice and so far it keeps freezing up.

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:20 PM

Posted 08 November 2010 - 02:15 PM

If it finishes after the initial double-click, then you can save the log from that run; there is no need to do a full scan. If it starts then stops after the quick scan, post that please.
If not, then do the following:
Please download and run MBR.exe by GMER:

http://www2.gmer.net/mbr/mbr.exe

It will produce a log, mbr.txt in the same directory as the program. Please copy/paste that log here.

#7 AprilK

AprilK
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:20 PM

Posted 08 November 2010 - 03:11 PM

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: TOSHIBA_MK4032GAX rev.AD102D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida
  • Local time:05:20 PM

Posted 08 November 2010 - 07:11 PM

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

#9 AprilK

AprilK
  • Topic Starter

  • Members
  • 8 posts
  • Local time:04:20 PM

Posted 09 November 2010 - 05:56 AM

ComboFix 10-11-07.A2 - April 09/11/2010 10:14:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.214 [GMT 0:00]
Running from: c:\documents and settings\April\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}
c:\documents and settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}\chrome.manifest
c:\documents and settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}\chrome\content\_cfg.js
c:\documents and settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}\chrome\content\overlay.xul
c:\documents and settings\April\Local Settings\Application Data\{0877C73E-1A86-4CC6-B7B5-37F455A4370C}\install.rdf

----- BITS: Possible infected sites -----

hxxp://assist3.talktalk.net
.
((((((((((((((((((((((((( Files Created from 2010-10-09 to 2010-11-09 )))))))))))))))))))))))))))))))
.

2010-11-08 15:29 . 2010-11-08 15:29 296448 ----a-w- C:\jsa767hyuy.exe
2010-11-08 10:17 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B762497D-371F-4EA7-9271-22C1584C2FC4}\mpengine.dll
2010-10-21 15:34 . 2010-10-21 15:34 -------- d-----w- c:\program files\Common Files\Java
2010-10-21 15:33 . 2010-10-21 15:33 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-21 15:33 . 2010-10-21 15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-10-21 15:33 . 2010-10-21 15:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-21 15:32 . 2010-10-21 15:32 -------- d-----w- c:\program files\Java
2010-10-13 09:01 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2010-10-13 09:01 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2010-10-13 09:01 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2010-10-13 09:00 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 20:51 . 2010-06-30 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-07 23:21 . 2010-06-30 16:46 6146896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-09-28 21:56 . 2010-09-28 21:56 95360 ----a-w- c:\windows\system32\drivers\twgtddna.sys
2010-09-28 18:15 . 2010-09-28 18:15 95360 ----a-w- c:\windows\system32\drivers\kqelrjey.sys
2010-09-18 11:23 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-10 11:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-10 11:51 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-10 11:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-10 05:58 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:51 . 2004-08-10 11:50 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42 . 2004-08-10 11:51 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:02 . 2004-08-10 11:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:57 . 2004-08-10 11:51 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-26 13:39 . 2006-04-16 13:08 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-06-30 14:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-23 16:12 . 2004-08-10 11:50 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-10 11:51 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-10 11:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-04-10 15:55 . 2010-09-22 19:48 73094 ----a-w- c:\program files\uninst.exe
2010-04-10 15:55 . 2010-08-02 14:52 73094 ----a-w- c:\program files\uninst_1.exe
2009-11-28 08:08 . 2010-09-22 19:48 28 ----a-w- c:\program files\run.bat
2009-11-28 08:08 . 2010-09-22 19:48 166400 ----a-w- c:\program files\tamb.exe
2009-11-28 08:08 . 2010-08-02 14:52 166400 ----a-w- c:\program files\tamb_1.exe
2009-11-28 08:08 . 2010-08-02 14:11 28 ----a-w- c:\program files\run_1.bat
2009-11-28 08:07 . 2010-09-29 09:26 411090 ----a-w- c:\program files\xstream-1.3.jar
2009-07-06 12:05 . 2009-07-06 12:05 336 ----a-w- c:\program files\temp995.bat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-13 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-10-29 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShowLOMControl"="1 (0x1)" [X]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-12-15 839680]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-27 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-04-16 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-16 98304]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"DSLSTATEXE"="c:\program files\D-Link\DSL-200\dslstat.exe" [2005-07-26 356352]
"DSLAGENTEXE"="c:\program files\D-Link\DSL-200\dslagent.exe" [2005-07-26 16384]
"TalkTalkDA"="c:\program files\TalkTalkSupportCentre\bin\sprtcmd.exe" [2010-05-10 206120]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-4-16 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 sprtsvc_talktalkda;SupportSoft Sprocket Service (talktalkda);c:\program files\TalkTalkSupportCentre\bin\sprtsvc.exe [29/06/2010 08:33 206120]
R2 tgsrvc_talktalkda;SupportSoft Repair Service (talktalkda);c:\program files\TalkTalkSupportCentre\bin\tgsrvc.exe [29/06/2010 08:33 185640]
S0 bxyduk;bxyduk; [x]
S2 gupdate1c9936d62cb9fc0;Google Update Service (gupdate1c9936d62cb9fc0);c:\program files\Google\Update\GoogleUpdate.exe [20/02/2009 15:10 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-11-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-13 20:35]

2010-11-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 15:10]

2010-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-20 15:10]

2010-11-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mytalktalk.co.uk/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/sb/*http://uk.docs.yahoo.com/info/bt_side.html
uSearchURL,(Default) = hxxp://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/su/*http://uk.search.yahoo.com/
FF - ProfilePath - c:\documents and settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.mytalktalk.co.uk
FF - component: c:\documents and settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBTEmailConfig.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-09 10:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-11-09 10:33:29
ComboFix-quarantined-files.txt 2010-11-09 10:33

Pre-Run: 22,142,889,984 bytes free
Post-Run: 22,613,782,528 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - BE55A23201BF986FAD1232DEB3DB2A51

#10 kahdah


Posted 09 November 2010 - 07:07 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Services
    bxyduk
    
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Online scan=================================
* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Check the following options: Remove found threats and Scan unwanted applications.
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#11 AprilK


Posted 09 November 2010 - 11:26 AM

All processes killed
========== SERVICES/DRIVERS ==========
Service bxyduk stopped successfully!
Service bxyduk deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: April
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 13212338 bytes
->Java cache emptied: 18240387 bytes
->FireFox cache emptied: 94497628 bytes
->Flash cache emptied: 123719 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98438 bytes
->Flash cache emptied: 726 bytes

User: NetworkService
->Temp folder emptied: 2342 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 1278 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 139528 bytes
Windows Temp folder emptied: 1674 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 35876 bytes
RecycleBin emptied: 13974 bytes

Total Files Cleaned = 121.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11092010_122617

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5080

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/11/2010 16:21:31
mbam-log-2010-11-09 (16-21-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 200366
Time elapsed: 3 hour(s), 32 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 kahdah


Posted 09 November 2010 - 02:13 PM

Looks good. Please post the ESET scan log when it completes. Thank you.

#13 AprilK


Posted 10 November 2010 - 07:34 AM

The first time I ran the scan I forgot to click on "Remove found threats", so I ran it again and removed them.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a8934bc704db3409f4fb4d83071c950
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-09 09:53:13
# local_time=2010-11-09 09:53:13 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 18500494 18500494 0 0
# compatibility_mode=5891 16776869 100 100 28105 19786468 0 0
# compatibility_mode=8192 67108863 100 0 4099 4099 0 0
# scanned=82579
# found=4
# cleaned=0
# scan_time=7718
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1179020.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1179278.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1193103.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1193133.html HTML/ScrInject.B.Gen virus 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=0a8934bc704db3409f4fb4d83071c950
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-10 12:08:30
# local_time=2010-11-10 12:08:30 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777215 100 0 18553325 18553325 0 0
# compatibility_mode=5891 16776869 100 100 80936 19839299 0 0
# compatibility_mode=8192 67108863 100 0 56930 56930 0 0
# scanned=82657
# found=4
# cleaned=4
# scan_time=6202
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1179020.html HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1179278.html HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1193103.html HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer\AllSubmitter\tmp\1170395\1193133.html HTML/ScrInject.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

#14 kahdah


Posted 10 November 2010 - 07:53 AM

How are things running?
Any redirects?

Let me know of any remaining issues in detail. Also, open OTL once more, click Run Scan at the top, and post the new log that appears.

#15 AprilK


Posted 10 November 2010 - 10:09 AM

Thanks, things are running very well and I'm not getting any redirects.

I have done the OTL scan but it didn't produce the extras.txt file.

OTL logfile created on: 10/11/2010 14:55:41 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\April\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 217.00 Mb Available Physical Memory | 43.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 20.93 Gb Free Space | 61.24% Space Free | Partition Type: NTFS

Computer Name: DELL_INSP | User Name: April | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
PRC - [2010/10/19 08:31:22 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/10 08:04:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprtsvc.exe
PRC - [2010/05/10 08:04:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\tgsrvc.exe
PRC - [2010/05/10 08:04:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprtcmd.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/15 11:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/09/27 10:05:58 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/04/16 13:38:39 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2005/12/15 09:44:40 | 000,839,680 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/09/09 22:19:34 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/26 20:19:00 | 000,356,352 | ---- | M] (D-Link, Inc.) -- C:\Program Files\D-Link\DSL-200\DslStat.exe
PRC - [2005/07/26 20:19:00 | 000,016,384 | ---- | M] () -- C:\Program Files\D-Link\DSL-200\dslagent.exe
PRC - [2003/10/29 01:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/09/10 01:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe


========== Modules (SafeList) ==========

MOD - [2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/10 08:04:16 | 000,116,008 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalkSupportCentre\bin\sprthook.dll
MOD - [2008/04/14 00:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/05/10 08:04:18 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalkSupportCentre\bin\sprtsvc.exe -- (sprtsvc_talktalkda) SupportSoft Sprocket Service (talktalkda)
SRV - [2010/05/10 08:04:18 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\TalkTalkSupportCentre\bin\tgsrvc.exe -- (tgsrvc_talktalkda) SupportSoft Repair Service (talktalkda)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS -- (MRESP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS -- (MREMP50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\April\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 16:22:52 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/04/13 18:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008/04/13 18:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/13 18:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 18:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 16:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/04/16 13:38:43 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/04/10 08:46:36 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcasp50.sys -- (PCASp50)
DRV - [2006/03/27 14:02:06 | 000,074,752 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2005/12/01 00:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 00:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 00:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/29 03:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/09 22:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/05 02:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/26 20:17:00 | 000,150,369 | ---- | M] (GlobespanVirata Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gwausb.sys -- (wanusb) D-Link DSL-200 USB ADSL Modem(WAN)
DRV - [2005/07/22 02:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfhwazl.sys -- (HSFHWAZL)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.clientapps.yahoo.com/customize/btyahoo/defaults/cs/*http://uk.docs.yahoo.com/info/bt_side.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mytalktalk.co.uk/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: " http://www.mytalktalk.co.uk"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.7.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: beta@linkdiagnosis.com:2.1.43
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.7.5
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.8
FF - prefs.js..extensions.enabledItems: {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.6.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/07 16:24:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 08:58:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 08:58:43 | 000,000,000 | ---D | M]

[2009/01/20 21:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Extensions
[2010/11/09 14:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions
[2010/07/02 09:00:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 07:48:12 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/22 09:59:49 | 000,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2010/10/15 14:20:26 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/11/18 16:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\beta@linkdiagnosis.com
[2009/01/22 11:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010/09/11 09:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\rankchecker@seobook.com
[2010/09/14 09:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\seo4firefox@seobook.com
[2010/11/03 08:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Mozilla\Firefox\Profiles\35rvxepc.default\extensions\twitternotifier@naan.net
[2010/11/09 14:05:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/21 15:33:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/12/10 09:32:56 | 000,091,520 | ---- | M] (British Telecommunications Plc) -- C:\Program Files\Mozilla Firefox\plugins\npBTEmailConfig.dll
[2010/10/21 15:33:22 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/04/15 12:40:19 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/09/10 08:52:04 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/10 08:52:04 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/10 08:52:04 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/10 08:52:05 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/11/09 10:27:32 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe ()
O4 - HKLM..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe (D-Link, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ShowLOMControl] Reg Error: Invalid data type. File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TalkTalkDA] C:\Program Files\TalkTalkSupportCentre\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277905964450 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1277905877809 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/10 14:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\April\Desktop\logs
[2010/11/09 19:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/09 12:26:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/09 11:16:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/09 10:10:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/09 10:06:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 10:06:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/09 10:06:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/09 10:06:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/09 10:05:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/11/09 10:05:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/08 13:05:00 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
[2010/10/21 15:34:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/21 15:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/21 15:33:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/21 15:33:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/21 15:33:45 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/21 15:33:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/21 15:33:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/21 15:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/13 09:01:35 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40.dll
[2010/10/13 09:01:35 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/13 09:01:34 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/13 09:00:53 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/09/29 09:26:05 | 000,411,090 | ---- | C] (Microsoft Corporation) -- C:\Program Files\xstream-1.3.jar
[2010/09/22 19:48:56 | 000,166,400 | ---- | C] (Bob Tantlinger) -- C:\Program Files\tamb.exe
[2010/08/02 14:52:12 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Program Files\tamb_1.exe
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/10 14:53:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/11/10 14:45:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 14:43:30 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/11/10 14:43:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/10 14:42:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/10 14:42:35 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/10 12:38:05 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/09 18:43:31 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\April\Desktop\BookmarkingDemon 5.lnk
[2010/11/09 10:27:32 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/09 10:11:13 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/09 09:51:04 | 003,906,043 | R--- | M] () -- C:\Documents and Settings\April\Desktop\ComboFix.exe
[2010/11/08 19:53:56 | 000,089,088 | ---- | M] () -- C:\Documents and Settings\April\Desktop\mbr.exe
[2010/11/08 15:29:18 | 000,296,448 | ---- | M] () -- C:\jsa767hyuy.exe
[2010/11/08 13:06:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\April\Desktop\OTL.exe
[2010/11/08 10:07:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/10/31 10:38:07 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/31 10:38:06 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/29 12:15:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\April\defogger_reenable
[2010/10/21 15:33:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/21 15:33:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/10/21 15:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/21 15:33:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/21 15:33:20 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/19 20:51:33 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/10/19 09:12:35 | 000,000,019 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\CTDChannels_Version.cd27244d.cdf
[2010/10/14 13:31:55 | 000,149,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/13 19:04:09 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/10/13 09:11:12 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[1 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 10:11:13 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/09 10:11:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/09 10:06:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/09 10:06:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/09 10:06:06 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 10:06:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/09 10:06:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 10:01:51 | 003,906,043 | R--- | C] () -- C:\Documents and Settings\April\Desktop\ComboFix.exe
[2010/11/08 20:04:11 | 000,089,088 | ---- | C] () -- C:\Documents and Settings\April\Desktop\mbr.exe
[2010/11/08 15:29:13 | 000,296,448 | ---- | C] () -- C:\jsa767hyuy.exe
[2010/10/29 12:15:09 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\April\defogger_disable.log
[2010/10/29 12:15:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\April\defogger_reenable
[2010/10/13 09:11:12 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/29 17:37:32 | 000,000,518 | ---- | C] () -- C:\Program Files\Thingamablog
[2010/09/29 10:11:38 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog
[2010/09/29 09:26:07 | 000,730,518 | ---- | C] () -- C:\Program Files\sunsets_and_oceans.zip
[2010/09/29 09:26:07 | 000,243,786 | ---- | C] () -- C:\Program Files\sunshine.zip
[2010/09/29 09:26:07 | 000,076,485 | ---- | C] () -- C:\Program Files\tech_blog.zip
[2010/09/29 09:26:07 | 000,008,413 | ---- | C] () -- C:\Program Files\titanium_gold.zip
[2010/09/29 09:26:07 | 000,000,520 | ---- | C] () -- C:\Program Files\user.xml
[2010/09/29 09:26:06 | 001,345,060 | ---- | C] () -- C:\Program Files\my_thoughts.zip
[2010/09/29 09:26:06 | 000,480,589 | ---- | C] () -- C:\Program Files\nature.zip
[2010/09/29 09:26:06 | 000,267,351 | ---- | C] () -- C:\Program Files\poetry.zip
[2010/09/29 09:26:06 | 000,021,771 | ---- | C] () -- C:\Program Files\kubrick.zip
[2010/09/29 09:26:06 | 000,009,015 | ---- | C] () -- C:\Program Files\slashdot_classic.zip
[2010/09/29 09:26:06 | 000,008,232 | ---- | C] () -- C:\Program Files\mac_stripe.zip
[2010/09/29 09:26:06 | 000,008,023 | ---- | C] () -- C:\Program Files\lovingrey.zip
[2010/09/29 09:26:06 | 000,008,015 | ---- | C] () -- C:\Program Files\plain_jane.zip
[2010/09/29 09:26:05 | 000,206,733 | ---- | C] () -- C:\Program Files\be_green.zip
[2010/09/29 09:26:05 | 000,200,244 | ---- | C] () -- C:\Program Files\inove.zip
[2010/09/29 09:26:05 | 000,100,738 | ---- | C] () -- C:\Program Files\auroral.zip
[2010/09/29 09:26:05 | 000,019,379 | ---- | C] () -- C:\Program Files\bubblegum.zip
[2010/09/29 09:26:05 | 000,008,101 | ---- | C] () -- C:\Program Files\clean.zip
[2010/09/29 09:26:05 | 000,008,095 | ---- | C] () -- C:\Program Files\boxed_green.zip
[2010/09/29 09:26:05 | 000,008,052 | ---- | C] () -- C:\Program Files\gettysburg.zip
[2010/09/29 09:26:05 | 000,008,052 | ---- | C] () -- C:\Program Files\georgia_blue.zip
[2010/09/29 09:26:04 | 001,269,047 | ---- | C] () -- C:\Program Files\swingx-1.0.jar
[2010/09/29 09:26:04 | 000,558,370 | ---- | C] () -- C:\Program Files\userguide.zip
[2010/09/29 09:26:04 | 000,218,623 | ---- | C] () -- C:\Program Files\swingx-beaninfo-1.0.jar
[2010/09/29 09:26:04 | 000,097,005 | ---- | C] () -- C:\Program Files\xmlrpc-2.0.jar
[2010/09/29 09:26:04 | 000,024,956 | ---- | C] () -- C:\Program Files\xpp3_min-1.1.4c.jar
[2010/09/29 09:26:02 | 000,863,551 | ---- | C] () -- C:\Program Files\SHEF.jar
[2010/09/29 09:26:02 | 000,285,275 | ---- | C] () -- C:\Program Files\sam.jar
[2010/09/29 09:26:01 | 000,347,137 | ---- | C] () -- C:\Program Files\mail.jar
[2010/09/29 09:26:01 | 000,219,305 | ---- | C] () -- C:\Program Files\novaworx-syntax-0.0.7.jar
[2010/09/29 09:26:01 | 000,053,561 | ---- | C] () -- C:\Program Files\lang_es.zip
[2010/09/29 09:26:00 | 000,588,596 | ---- | C] () -- C:\Program Files\jhall.jar
[2010/09/29 09:26:00 | 000,249,028 | ---- | C] () -- C:\Program Files\jtidy-8.0.jar
[2010/09/29 09:26:00 | 000,100,875 | ---- | C] () -- C:\Program Files\jsch.jar
[2010/09/29 09:26:00 | 000,076,901 | ---- | C] () -- C:\Program Files\jmyspell-core-1.0.0-beta-2.jar
[2010/09/29 09:26:00 | 000,075,319 | ---- | C] () -- C:\Program Files\jmyspell-swing-1.0.0-beta-2.jar
[2010/09/29 09:26:00 | 000,008,502 | ---- | C] () -- C:\Program Files\jhelpaction.jar
[2010/09/29 09:25:59 | 000,699,936 | ---- | C] () -- C:\Program Files\hsqldb.jar
[2010/09/29 09:25:59 | 000,153,253 | ---- | C] () -- C:\Program Files\jdom.jar
[2010/09/29 09:25:59 | 000,003,434 | ---- | C] () -- C:\Program Files\hypersonic_lic.txt
[2010/09/29 09:25:59 | 000,001,602 | ---- | C] () -- C:\Program Files\hsqldb_lic.txt
[2010/09/29 09:25:58 | 000,166,354 | ---- | C] () -- C:\Program Files\edtftpj.jar
[2010/09/29 09:25:58 | 000,090,556 | ---- | C] () -- C:\Program Files\commons-net-ftp-2.0.0.jar
[2010/09/29 09:25:58 | 000,017,471 | ---- | C] () -- C:\Program Files\datatips.jar
[2010/09/29 09:25:57 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1.jar
[2010/09/29 09:25:57 | 000,360,047 | ---- | C] () -- C:\Program Files\commons-net-2.0.0-sources.jar
[2010/09/29 09:25:57 | 000,261,809 | ---- | C] () -- C:\Program Files\commons-lang-2.4.jar
[2010/09/29 09:25:57 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3.jar
[2010/09/29 09:25:56 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3.jar
[2010/09/29 09:25:56 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US.zip
[2010/09/29 09:25:56 | 000,054,829 | ---- | C] () -- C:\Program Files\activation.jar
[2010/09/29 09:25:56 | 000,011,326 | ---- | C] () -- C:\Program Files\apache.txt
[2010/09/29 09:25:55 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog.jar
[2010/09/29 09:25:54 | 000,005,695 | ---- | C] () -- C:\Program Files\license.txt
[2010/09/29 09:25:54 | 000,000,955 | ---- | C] () -- C:\Program Files\README.TXT
[2010/09/22 19:48:58 | 000,000,520 | ---- | C] () -- C:\Program Files\user_1.xml
[2010/09/22 19:48:57 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1_1.jar
[2010/09/22 19:48:57 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3_1.jar
[2010/09/22 19:48:57 | 000,261,809 | ---- | C] () -- C:\Program Files\commons-lang-2.4_1.jar
[2010/09/22 19:48:57 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3_1.jar
[2010/09/22 19:48:56 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog_1.jar
[2010/09/22 19:48:56 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US_1.zip
[2010/09/22 19:48:56 | 000,073,094 | ---- | C] () -- C:\Program Files\uninst.exe
[2010/09/22 19:48:56 | 000,054,829 | ---- | C] () -- C:\Program Files\activation_1.jar
[2010/09/22 19:48:56 | 000,011,326 | ---- | C] () -- C:\Program Files\apache_1.txt
[2010/09/22 19:48:56 | 000,000,659 | ---- | C] () -- C:\Program Files\en_US.per
[2010/09/22 19:48:56 | 000,000,212 | ---- | C] () -- C:\Program Files\TAMBL4~1.INI
[2010/09/22 19:48:56 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog_1.url
[2010/09/22 19:48:56 | 000,000,028 | ---- | C] () -- C:\Program Files\run.bat
[2010/08/04 08:04:25 | 000,000,061 | ---- | C] () -- C:\Program Files\Thingamablog_2.url
[2010/08/02 14:52:12 | 000,073,094 | ---- | C] () -- C:\Program Files\uninst_1.exe
[2010/08/02 14:11:44 | 000,000,520 | ---- | C] () -- C:\Program Files\user_2.xml
[2010/08/02 14:11:34 | 000,588,596 | ---- | C] () -- C:\Program Files\jhall_1.jar
[2010/08/02 14:11:33 | 000,699,936 | ---- | C] () -- C:\Program Files\hsqldb_1.jar
[2010/08/02 14:11:30 | 000,631,281 | ---- | C] () -- C:\Program Files\beansbinding-1.2.1_2.jar
[2010/08/02 14:11:30 | 000,264,341 | ---- | C] () -- C:\Program Files\appframework-1.0.3_2.jar
[2010/08/02 14:11:30 | 000,054,829 | ---- | C] () -- C:\Program Files\activation_2.jar
[2010/08/02 14:11:30 | 000,046,725 | ---- | C] () -- C:\Program Files\commons-codec-1.3_2.jar
[2010/08/02 14:11:30 | 000,011,326 | ---- | C] () -- C:\Program Files\apache_2.txt
[2010/08/02 14:11:29 | 002,587,086 | ---- | C] () -- C:\Program Files\Thingamablog_2.jar
[2010/08/02 14:11:29 | 000,248,417 | ---- | C] () -- C:\Program Files\en_US_2.zip
[2010/08/02 14:11:29 | 000,000,659 | ---- | C] () -- C:\Program Files\en_US_1.per
[2010/08/02 14:11:24 | 000,000,212 | ---- | C] () -- C:\Program Files\TAMBL4~1_1.INI
[2010/08/02 14:11:24 | 000,000,028 | ---- | C] () -- C:\Program Files\run_1.bat
[2010/07/15 19:12:15 | 000,096,632 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/08 10:26:45 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\April\Application Data\qcopjv.dat
[2010/04/10 16:05:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\prvlcl.dat
[2010/01/27 16:22:21 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/01/27 16:22:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/01/27 16:22:20 | 000,002,535 | ---- | C] () -- C:\WINDOWS\System32\bcmwlhom.ini
[2009/10/16 11:14:42 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009/10/14 15:13:19 | 003,325,578 | ---- | C] () -- C:\Program Files\bmdoperationguide.pdf
[2009/10/06 22:33:44 | 000,758,239 | ---- | C] () -- C:\Program Files\bmdultimateguide.pdf
[2009/07/06 12:05:56 | 000,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2009/04/29 14:00:49 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/16 14:11:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2009/04/15 13:55:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/04/15 13:52:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/04/15 13:52:13 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/04/08 12:01:48 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/21 22:42:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7J.DLL
[2009/01/20 20:49:25 | 000,037,376 | ---- | C] () -- C:\WINDOWS\System32\CoInst.dll
[2009/01/20 20:49:21 | 000,016,308 | ---- | C] () -- C:\WINDOWS\wwdslcfg.ini
[2006/11/17 22:24:06 | 000,066,046 | ---- | C] () -- C:\Program Files\Dupe_Free_0_NO_VISTA.ico
[2006/04/27 08:44:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/04/26 18:21:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\April\Local Settings\Application Data\fusioncache.dat
[2006/04/26 16:30:23 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\52EA0ECA34.sys
[2006/04/26 16:30:16 | 000,006,528 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/04/16 13:46:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/16 13:42:15 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/16 13:31:04 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/16 13:09:20 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/04/16 13:08:44 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 11:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:51:21 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys.bak

========== LOP Check ==========

[2010/06/29 17:22:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/01/21 22:42:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/21 12:51:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Magic Submitter
[2006/04/26 17:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MCA3C.tmp
[2010/01/27 16:24:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
[2009/04/15 14:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2010/06/29 08:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/06/28 17:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TalkTalk
[2010/11/03 15:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/16 13:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/31 10:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebLogAnalyzer
[2010/09/20 18:49:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Apgyu
[2010/05/14 10:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\com.zipeg
[2010/11/03 15:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\FileZilla
[2009/04/15 12:40:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Foxit
[2010/07/11 19:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Foxit Software
[2009/12/22 10:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\gizmotronix
[2009/04/23 16:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\gtk-2.0
[2009/04/16 07:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\KompoZer
[2006/04/26 16:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Leadertech
[2006/07/17 13:37:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Learn2.com
[2010/09/20 18:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Ogimm
[2009/04/15 13:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\pdf995
[2006/04/26 19:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Template
[2010/07/15 19:08:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\ubot
[2010/10/01 10:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\April\Application Data\Zipeg
[2010/11/10 14:53:35 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DD3AF4B3
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65859BC2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D4307796
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FE2B4A65
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BAC320C7

< End of report >



