Intermittent slow browsing



#1 mpartrid

Posted 31 October 2011 - 03:37 PM

Hello

I am experiencing some issues when browsing the internet using Firefox. Everything will be OK and intermittently things will run slowly. Pages will open OK at first and then suddenly the next page will take 30 seconds to open, then everything will be OK for a few minutes and then the same thing happens again. I do not think there is an issue with my broadband connection; I have done a number of speed checks and regularly get 20MB. The PC is also fairly high spec (quad core).

I have attached the DDS and GMER logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Matt at 18:27:53 on 2011-10-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2455 [GMT 0:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Online Armor\oaui.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ASRock Utility\IES\AsrIes.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe
C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: RoboForm BHO: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ASRock IES] c:\program files\asrock utility\ies\AsrIes.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [@OnlineArmor GUI] "c:\program files\online armor\oaui.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\samsun~3.lnk - c:\program files\clarus\samsung auto backup\ISFGuage.exe
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\samsun~2.lnk - c:\program files\clarus\samsung auto backup\ISFRealTimeD.exe
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\samsun~1.lnk - c:\program files\clarus\samsung auto backup\ISFTimerD.exe
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\docume~1\matt\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249674514057
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249674819328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{62138E2A-0C9F-466C-89A4-161A59E5624D} : DhcpNameServer = 194.168.4.100 194.168.8.100
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\matt\application data\mozilla\firefox\profiles\95ed3kyt.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\downloader\npdd.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl079adc39;MpKsl079adc39;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7793de44-288c-4e33-adfe-5a96b31bb1e1}\MpKsl079adc39.sys [2011-10-31 28752]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-11-26 202064]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2010-11-26 38856]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-11-26 25000]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2010-11-26 29272]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2010-11-26 380784]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2010-11-26 3652696]
R3 IesDrv;IesDrv;\??\c:\windows\system32\drivers\iesdrv.sys --> c:\windows\system32\drivers\IesDrv.sys [?]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\temp\avsetup_4eaae617\avupgsvc.exe" /tempstart:""c:\windows\temp\avsetup_4eaae617\setup.exe" /notempcleanup /crossupgrade" --> c:\windows\temp\avsetup_4eaae617\avupgsvc.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2010-4-10 266544]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
.
=============== Created Last 30 ================
.
2011-10-31 18:25:43 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7793de44-288c-4e33-adfe-5a96b31bb1e1}\MpKsl079adc39.sys
2011-10-31 18:25:38 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7793de44-288c-4e33-adfe-5a96b31bb1e1}\offreg.dll
2011-10-31 18:04:32 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{7793de44-288c-4e33-adfe-5a96b31bb1e1}\mpengine.dll
2011-10-31 18:02:29 98816 ----a-w- c:\windows\sed.exe
2011-10-31 18:02:29 518144 ----a-w- c:\windows\SWREG.exe
2011-10-31 18:02:29 256000 ----a-w- c:\windows\PEV.exe
2011-10-31 18:02:29 208896 ----a-w- c:\windows\MBR.exe
2011-10-31 18:00:41 -------- d-s---w- C:\ComboFix
2011-10-28 17:44:08 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-10-28 17:42:22 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-10-28 17:39:54 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-20 20:28:07 -------- d-----w- c:\documents and settings\matt\local settings\application data\Nero_AG
2011-10-20 18:23:21 -------- d-----w- c:\documents and settings\all users\application data\LightScribe
2011-10-20 18:08:18 -------- d-----w- c:\documents and settings\all users\application data\Nero
2011-10-20 18:00:22 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-10-20 18:00:21 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2011-10-20 18:00:20 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2011-10-20 18:00:19 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2011-10-20 18:00:17 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-10-20 17:59:49 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-10-20 17:59:34 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
.
==================== Find3M ====================
.
2011-10-20 18:01:42 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 10:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 10:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 10:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 16:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 18:30:18.56 ===============



Thanks

Matt


#2 m0le

  • Malware Response Team

Posted 05 November 2011 - 07:02 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#3 mpartrid


Posted 05 November 2011 - 09:51 AM

Hello m0le

Yes I am here. Thanks for picking this up.


Matt

#4 m0le

Posted 05 November 2011 - 09:59 AM

I haven't seen anything obvious up to now, so please run SAS.

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.


#5 mpartrid


Posted 05 November 2011 - 11:06 AM

Here is the logfile





SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/05/2011 at 04:03 PM

Application Version : 5.0.1134

Core Rules Database Version : 7904
Trace Rules Database Version: 5716

Scan type : Complete Scan
Total Scan Time : 00:48:59

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 484
Memory threats detected : 0
Registry items scanned : 36643
Registry threats detected : 0
File items scanned : 32613
File threats detected : 107

Adware.Tracking Cookie

Adware.CouponBar
C:\WINDOWS\SYSTEM32\CPNPRT2.CID

#6 m0le


Posted 05 November 2011 - 11:08 AM

Please scan with ESET

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Under scan settings, check [image] and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply
If no log is generated that means nothing was found. Please let me know if this happens.
m0le is a proud member of UNITE

#7 mpartrid

Posted 05 November 2011 - 01:48 PM

Here is the ESET log




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1d4bbdab306f9f4fb2befb3c7b857951
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-11-05 06:02:16
# local_time=2011-11-05 06:02:16 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5891 16776533 42 87 4264 17381063 0 0
# compatibility_mode=6401 16777213 66 100 1239533 32387447 0 0
# compatibility_mode=8192 67108863 100 0 3771 3771 0 0
# scanned=83699
# found=1
# cleaned=1
# scan_time=5943
C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\95ed3kyt.default\prefs.js.BAK Win32/Agent.RQD.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#8 m0le

Posted 05 November 2011 - 05:06 PM

Something hanging around in Firefox. Has the browsing improved?

#9 mpartrid

Posted 06 November 2011 - 04:00 AM

Hello

It was OK for about the first 10 minutes, then the same thing happened again; it took 25 seconds to open up these 2 links:

http://www.ehow.com/how_5070683_play-files-windows-media-player.html

http://www.comfypillow.co.uk/index.php?route=product/product&path=38&product_id=52


Matt

#10 mpartrid

Posted 06 November 2011 - 12:47 PM

Much the same experience throughout the rest of the day as well: no clear pattern, it just goes slow after a while. A couple of times it has seemed to hang completely (page has not opened up after 60 seconds), but if I shut Firefox down and open a new window the same page opens up straight away.


Matt

#11 m0le

Posted 06 November 2011 - 12:51 PM

Let's take a closer look at the browser

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


#12 mpartrid

Posted 06 November 2011 - 04:11 PM

Hello

Thanks for your help so far.

Here is the OTL.Txt

OTL logfile created on: 11/6/2011 20:48:56 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.25% Memory free
5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 379.53 Gb Free Space | 81.49% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-EWT1YM2 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oahlp.exe (Emsi Software GmbH)
PRC - C:\Program Files\Online Armor\oacat.exe (Emsi Software GmbH)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
PRC - C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
PRC - C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
PRC - C:\Program Files\ASRock Utility\IES\AsrIes.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
PRC - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Program Files\Secunia\PSI\psires.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\WINDOWS\system32\pdf995mon.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files\ASRock Utility\IES\AsrIes.exe ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll ()
MOD - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll ()
MOD - C:\Program Files\SpywareGuard\sgmain.exe ()
MOD - C:\Program Files\SpywareGuard\sgbhp.exe ()
MOD - C:\Program Files\SpywareGuard\spywareguard.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (AviraUpgradeService) -- File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (SvcOnlineArmor) -- C:\Program Files\Online Armor\oasrv.exe (Emsi Software GmbH)
SRV - (OAcat) -- C:\Program Files\Online Armor\OAcat.exe (Emsi Software GmbH)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (IesDrv) -- File not found
DRV - (MpKsl9502d01f) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3329F468-3A07-4CDD-8832-3EB89062EAED}\MpKsl9502d01f.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (oahlpXX) -- C:\WINDOWS\system32\drivers\oahlp32.sys ()
DRV - (OADevice) -- C:\WINDOWS\system32\drivers\OADriver.sys ()
DRV - (OAnet) -- C:\WINDOWS\system32\drivers\OAnet.sys (Emsisoft)
DRV - (OAmon) -- C:\WINDOWS\system32\drivers\OAmon.sys (Emsisoft)
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvsmu) -- C:\WINDOWS\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.co.uk"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.3.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/11 11:03:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/11/27 16:25:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2011/10/17 15:57:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/19 15:50:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/19 07:44:27 | 000,000,000 | ---D | M]

[2009/10/23 16:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2009/08/08 07:54:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/23 16:45:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions\home2@tomtom.com
[2011/10/30 10:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\95ed3kyt.default\extensions
[2010/04/28 16:17:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\95ed3kyt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/11 09:17:09 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\95ed3kyt.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/06/30 16:51:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/19 15:50:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/11 14:31:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/08/12 06:58:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/11/14 08:33:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/11/27 16:25:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/16 16:05:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/02/20 12:34:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/30 16:51:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\95ED3KYT.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MATT\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\95ED3KYT.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
[2010/11/27 16:25:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/19 15:50:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/10 16:07:58 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2009/11/10 16:07:59 | 000,126,360 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2009/11/10 16:08:07 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2009/11/10 16:08:11 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2007/04/10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/11/10 16:07:57 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2008/06/18 05:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/16 20:15:58 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/06/07 11:35:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2011/10/19 15:50:08 | 000,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2011/03/09 07:20:20 | 000,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2011/10/19 15:50:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/03/09 07:20:21 | 000,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2011/10/19 15:50:08 | 000,001,131 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2011/10/19 15:50:08 | 000,002,364 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2011/10/19 15:50:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2011/10/19 15:50:08 | 000,001,096 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/09/21 16:23:07 | 000,623,403 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 16450 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Online Armor\oaui.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LIVEUPDATE\LiveUpdate.exe (Openwares)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ASRock IES] C:\Program Files\ASRock Utility\IES\AsrIes.exe ()
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Samsung Auto Backup Guage.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Samsung Auto Backup Real-Time Daemon.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Samsung Auto Backup Scheduler.lnk = C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe (Clarus, Inc.)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249674514057 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1249674819328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62138E2A-0C9F-466C-89A4-161A59E5624D}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) -C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) -C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") -C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - (%SystemRoot%\System32\dimsntfy.dll) - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Online Armor\oaevent.dll (Emsi Software GmbH)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) -C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) -C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) -C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) -C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) -C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) -C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) -C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/07 17:26:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/06 20:45:52 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/11/06 09:14:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/11/06 09:14:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/11/06 09:14:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/11/06 09:14:06 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/11/06 09:14:06 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/11/06 09:14:05 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/11/06 09:14:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/11/06 09:14:02 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/11/06 09:14:01 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/11/06 09:14:00 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/11/06 09:13:59 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/11/06 09:13:58 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/11/06 09:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Essentials Codec Pack
[2011/11/06 09:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\Essentials Codec Pack
[2011/11/06 09:10:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Nullsoft
[2011/11/05 16:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/10/31 18:02:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 18:02:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 18:02:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 18:02:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 18:00:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/10/31 17:58:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/29 08:25:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Matt\Recent
[2011/10/28 17:42:22 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2011/10/28 17:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/10/20 20:36:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/10/20 20:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\WinRAR
[2011/10/20 20:28:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\Nero_AG
[2011/10/20 18:23:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2011/10/20 18:22:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Nero
[2011/10/20 18:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2011/10/20 18:00:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011/10/20 18:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2011/10/20 18:00:22 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/10/20 18:00:21 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/10/20 18:00:20 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/10/20 18:00:19 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/10/20 18:00:17 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/10/20 17:59:49 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/10/20 17:59:34 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/10/17 15:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\RoboForm
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/06 20:58:52 | 000,000,346 | ---- | M] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/11/06 20:48:04 | 000,466,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 20:48:04 | 000,073,940 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/06 20:45:56 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/11/06 20:44:19 | 000,272,291 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/11/06 20:44:05 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/06 20:43:52 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/06 20:43:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/06 20:43:32 | 3488,796,672 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/06 18:41:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/06 12:50:20 | 000,062,204 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\cc_20111106_125009.reg
[2011/11/06 09:12:06 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\Media Player Classic.lnk
[2011/10/29 08:18:27 | 000,127,594 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\cc_20111029_091814.reg
[2011/10/29 08:17:05 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 20:08:45 | 000,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/10/28 17:40:29 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/10/20 20:36:34 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\WinRAR.lnk
[2011/10/20 18:01:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/20 18:00:57 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2011/10/14 17:04:09 | 000,220,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/06 12:50:12 | 000,062,204 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\cc_20111106_125009.reg
[2011/11/06 09:12:32 | 000,000,346 | ---- | C] () -- C:\WINDOWS\tasks\Windows Codec Update Service.job
[2011/11/06 09:12:06 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\Media Player Classic.lnk
[2011/10/31 18:02:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 18:02:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 18:02:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 18:02:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 18:02:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/29 08:18:16 | 000,127,594 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\cc_20111029_091814.reg
[2011/10/28 17:40:29 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/10/28 17:40:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/10/20 18:00:57 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LightScribe.lnk
[2011/06/19 07:39:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011/06/19 07:39:36 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2010/12/18 21:15:29 | 000,629,789 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1123561945-651377827-725345543-1003-0.dat
[2010/12/18 21:15:28 | 000,215,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/11/26 18:12:36 | 000,202,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\OADriver.sys
[2010/11/26 18:12:36 | 000,038,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\oahlp32.sys
[2010/07/03 09:27:53 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/07/03 09:27:53 | 000,002,395 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/06/26 16:16:17 | 000,531,896 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/06 07:51:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 17:02:21 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/12/17 09:41:07 | 002,293,286 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/09/13 14:06:48 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 15:48:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/13 16:21:08 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2009/08/13 16:11:13 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2009/08/08 07:54:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/08 07:10:47 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/08/07 21:22:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/08/07 20:04:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/08/07 19:50:00 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/07 19:41:07 | 000,003,636 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/08/07 19:39:52 | 000,005,125 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/07 19:39:50 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/07 17:27:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/07 17:24:39 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/04/25 09:15:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/04/25 09:14:35 | 000,220,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/01/26 04:08:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/08/29 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 12:00:00 | 000,466,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 12:00:00 | 000,073,940 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/04 16:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2010/11/27 13:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/24 19:38:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/13 11:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Clarus
[2010/11/25 07:52:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/03 09:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2011/10/20 18:23:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/11/27 13:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/26 18:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2011/06/19 07:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/08/08 12:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/09 15:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2011/10/31 18:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/23 16:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2011/08/10 10:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/11/25 07:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\AVG10
[2009/08/16 13:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GetRightToGo
[2011/11/05 09:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\GrabIt
[2009/08/10 08:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\ICAClient
[2010/06/01 16:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Leadertech
[2010/07/03 09:30:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\LG Electronics
[2009/12/11 10:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\MusicBrainz
[2011/11/06 09:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Nullsoft
[2010/11/26 18:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\OnlineArmor
[2011/10/29 08:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SoftGrid Client
[2010/12/18 20:19:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Sports Interactive
[2011/10/18 17:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Spotify
[2009/12/17 09:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\SystemRequirementsLab
[2010/03/27 12:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\The Creative Assembly
[2009/10/23 16:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TomTom
[2011/07/22 18:13:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\TP
[2010/04/02 08:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\Uniblue
[2010/11/22 18:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\uTorrent
[2009/11/10 16:08:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matt\Application Data\webex
[2011/11/06 20:58:52 | 000,000,346 | ---- | M] () -- C:\WINDOWS\Tasks\Windows Codec Update Service.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

And here is Extras.Txt

OTL Extras logfile created on: 11/6/2011 20:48:56 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.61 Gb Available Physical Memory | 80.25% Memory free
5.09 Gb Paging File | 4.51 Gb Available in Paging File | 88.70% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 379.53 Gb Free Space | 81.49% Space Free | Partition Type: NTFS

Computer Name: MATTHEW-EWT1YM2 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Steam\SteamApps\common\napoleon total war\Napoleon.exe" = C:\Program Files\Steam\SteamApps\common\napoleon total war\Napoleon.exe:*:Enabled:Napoleon: Total War -- (The Creative Assembly Ltd)
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010 -- (Sports Interactive)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer
"C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe" = C:\Program Files\Sports Interactive\Football Manager 2011\fm.exe:*:Enabled:Football Manager 2011 -- ()
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00428418-D4AE-4A2B-B866-825F0BF7EC67}" = LG PC Suite II
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E4F8163-9889-4BAB-B2E7-DBAAE248C1EB}" = LG Android Driver
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F78E43E9-79D6-4E53-A06E-C0DEB417FF89}" = FMRTE
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"7-Zip" = 7-Zip 9.20
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AI RoboForm" = RoboForm 7-5-7 (All Users)
"ASRock IES_is1" = ASRock IES
"ASRock InstantBoot_is1" = ASRock InstantBoot
"ASRock OC Tuner_is1" = ASRock OC Tuner
"Bejeweled 2 Deluxe 1.0" = Bejeweled 2 Deluxe 1.0
"CCleaner" = CCleaner
"Coupon Printer2.0" = Coupon Printer
"Downloader" = Downloader
"DVD Shrink" = DVD Shrink
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"Football Manager 2010" = Football Manager 2010
"Football Manager 2011" = Football Manager 2011
"GOM Player" = GOM Player
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"ie8" = Windows Internet Explorer 8
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OnlineArmor_is1" = Online Armor 4.5
"Pdf995" = Pdf995
"Secunia PSI" = Secunia PSI
"Spotify" = Spotify
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SpywareGuard_is1" = SpywareGuard v2.2
"Steam App 34030" = Napoleon: Total War
"SystemRequirementsLab" = System Requirements Lab
"The Tetris Game_is1" = 1.0
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 3.6 [32-Bit]
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/27/2011 13:21:33 | Computer Name = MATTHEW-EWT1YM2 | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{d0b86a11-b48d-11e0-a3c1-001966c2f8b0},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 10/27/2011 13:39:50 | Computer Name = MATTHEW-EWT1YM2 | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{d0b86a11-b48d-11e0-a3c1-001966c2f8b0},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 10/28/2011 13:40:14 | Computer Name = MATTHEW-EWT1YM2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 10/28/2011 14:05:56 | Computer Name = MATTHEW-EWT1YM2 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8402.0, P4
0, P5 0, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 10/29/2011 12:15:13 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 7.0.1.4288, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/30/2011 06:30:33 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Error | ID = 1000
Description = Faulting application neroexpress.exe, version 11.0.23.100, faulting
module bcgcbpro1100u100.dll, version 11.0.0.0, fault address 0x000ab550.

Error - 11/6/2011 08:35:49 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2011 08:36:21 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2011 08:36:40 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/6/2011 08:36:40 | Computer Name = MATTHEW-EWT1YM2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 11/5/2011 05:35:32 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/5/2011 08:15:13 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/5/2011 10:44:18 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/5/2011 10:45:00 | Computer Name = MATTHEW-EWT1YM2 | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 11/5/2011 12:12:28 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/6/2011 04:31:58 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/6/2011 07:17:00 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/6/2011 11:29:38 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/6/2011 13:43:53 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 11/6/2011 16:44:02 | Computer Name = MATTHEW-EWT1YM2 | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3


< End of report >

#13 m0le

Posted 06 November 2011 - 07:44 PM

Let's try something else. OTL isn't finding anything suspicious.

Go from Start to All Programs to Mozilla Firefox to Mozilla Firefox (Safe Mode) and select this mode.

Now please check your browsing speed. This will check to see if an add-on is causing an issue.
m0le is a proud member of UNITE

#14 mpartrid

Posted 07 November 2011 - 01:17 PM

OK, I have tried that and it seems to be an improvement (general surfing is a fraction slower without the Fasterfox add-on), but after 30 minutes of surfing I haven't had any hanging. I will carry on testing over the next couple of days and get back to you.


Thanks

Matt

#15 m0le

Posted 07 November 2011 - 06:49 PM

Okay, it might well be an add-on. Test it by eliminating good add-ons and then remove the problem one and see how it goes. :)
m0le is a proud member of UNITE



