browser issues?

Post by chubasco on Fri 08 Oct 2010, 2:38 pm

Scans show nothing, but Firefox is at times sluggish, momentarily freezes quite often, and I get minimal history.
explorer.exe at times has very high CPU usage.
Old timer didn't produce 2 files; the open one was an exact match of the one saved to the desktop.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:11:21, on 08/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\OAcat.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
C:\Documents and Settings\1\Desktop\HotSwap!.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

--
End of file - 5105 bytes



chubasco

Newbie Surfer
Posts : 20
Joined : 2010-03-01
Operating System : Windows XP Pro

Re: browser issues?

Post by chubasco on Fri 08 Oct 2010, 2:39 pm

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4770

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/10/2010 18:31:06
mbam-log-2010-10-07 (18-31-06).txt

Scan type: Quick scan
Objects scanned: 140528
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: browser issues?

Post by chubasco on Fri 08 Oct 2010, 2:39 pm

OTL logfile created on: 08/10/2010 05:04:57 - Run 4
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\1\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 103.09 Gb Free Space | 44.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 698.64 Gb Total Space | 90.51 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3.92 Gb Total Space | 2.61 Gb Free Space | 66.51% Space Free | Partition Type: FAT32
Drive P: | 1397.26 Gb Total Space | 68.96 Gb Free Space | 4.94% Space Free | Partition Type: NTFS

Computer Name: A
Current User Name: 1
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/07 17:59:38 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
PRC - [2009/12/05 08:53:40 | 003,042,504 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oahlp.exe
PRC - [2009/12/05 08:53:38 | 006,622,920 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oaui.exe
PRC - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe
PRC - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oacat.exe
PRC - [2009/11/10 20:01:24 | 000,107,520 | ---- | M] (Kazuyuki Nakayama) -- C:\Documents and Settings\1\Desktop\HotSwap!.EXE
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/06/10 01:21:04 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
PRC - [2008/05/02 05:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/04/01 18:02:34 | 000,215,040 | ---- | M] () -- C:\Program Files\HDD Thermometer\HDD Thermometer.exe


========== Modules (SafeList) ==========

MOD - [2010/10/07 17:59:38 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
MOD - [2009/12/05 08:53:38 | 000,941,256 | ---- | M] (Tall Emu) -- C:\Program Files\Tall Emu\Online Armor\oawatch.dll
MOD - [2008/05/02 05:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2008/04/14 01:12:10 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/14 01:12:10 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll
MOD - [2008/04/14 01:12:09 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/05/03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009/12/05 08:53:38 | 003,291,336 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe -- (SvcOnlineArmor)
SRV - [2009/12/05 08:53:38 | 001,282,248 | ---- | M] (Tall Emu) [Auto | Running] -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe -- (OAcat)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2006/12/19 16:53:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2010/05/20 03:05:16 | 000,051,280 | ---- | M] (Dritek System Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HMuKstOO.sys -- (HMuKstOO)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/19 20:32:33 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/05 08:28:06 | 000,024,656 | ---- | M] (Tall Emu) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAmon.sys -- (OAmon)
DRV - [2009/12/05 08:27:56 | 000,029,776 | ---- | M] (Tall Emu Pty Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OAnet.sys -- (OAnet)
DRV - [2009/12/05 08:27:52 | 000,223,312 | ---- | M] (Tall Emu) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\OADriver.sys -- (OADevice)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/06 05:39:20 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/03/25 06:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/17 02:42:18 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/09/29 03:06:00 | 002,456,064 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/05/04 19:50:20 | 000,114,616 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e4usbaw.sys -- (e4usbaw)
DRV - [2006/03/02 20:25:04 | 000,063,555 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\e4ldr.sys -- (IKANLOADER2) General Purpose USB Driver (e4ldr.sys)
DRV - [2005/08/30 02:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005/08/30 02:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005/08/30 02:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/26 03:27:30 | 000,026,730 | R--- | M] (TwinHan Provide) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DtvVideo.sys -- (DtvVideo)
DRV - [2004/02/26 02:42:52 | 000,010,330 | R--- | M] (TwinHan Provide) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DtvAudio.sys -- (DtvAudio)
DRV - [2001/08/17 13:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 13:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 13:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 13:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///M:/mainstream%20switchboard.htm"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.8.4
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:1.35
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2.1
FF - prefs.js..extensions.enabledItems: {C90B0826-5A17-4970-A5BF-A43D22452E21}:1.5.20080618
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:0.0.5
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.65.2
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?ei=utf-8&fr=megaup&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/23 13:22:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/29 00:15:37 | 000,000,000 | ---D | M]

[2008/06/19 12:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Extensions
[2010/10/07 17:48:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions
[2009/12/10 09:28:08 | 000,000,000 | ---D | M] (URL Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2010/10/06 18:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/12/10 09:28:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2010/04/21 23:44:33 | 000,000,000 | ---D | M] (Linkification) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/10/07 17:48:10 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/04/21 23:44:30 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/10/08 12:11:01 | 000,000,000 | ---D | M] (History Submenus) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/10/06 18:13:03 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/21 23:44:24 | 000,000,000 | ---D | M] (CopyAllUrls) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
[2008/06/19 12:15:14 | 000,000,000 | ---D | M] (Direct Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{a4ffd900-48b6-11db-b0de-0800200c9a66}
[2010/10/06 18:13:03 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010/03/08 13:15:52 | 000,000,000 | ---D | M] (Interclue) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2008/06/27 15:10:50 | 000,000,000 | ---D | M] (Plain Text to Link) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2009/04/16 22:27:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/21 23:44:24 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/06/02 01:46:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/06/19 12:15:14 | 000,000,000 | ---D | M] (ShrinkThisLink.com Link Shrinker) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{e268df5c-a28d-487a-8fdb-dac40e667ed9}
[2010/04/21 23:44:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/06/01 23:17:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\{FFBC0836-1BCF-4FE5-9B2B-E2E6F53CBDE7}
[2010/09/27 16:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\anticontainer@downthemall.net
[2010/10/06 18:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\artur.dubovoy@gmail.com
[2008/08/28 01:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\dlembed@aeruder.net
[2010/10/06 18:12:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com
[2010/04/21 23:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\linky@gemal.dk
[2008/09/13 00:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\rsfind@example.com
[2008/09/26 12:17:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\snaplinks@snaplinks.net
[2009/10/30 12:33:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\stealer@physacco.com
[2009/10/26 17:43:27 | 000,002,120 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\searchplugins\bmrk-file-host-search.xml
[2010/10/08 04:25:27 | 000,001,100 | ---- | M] () -- C:\Documents and Settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\searchplugins\torrent-finder.xml
[2009/02/23 13:22:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/29 00:14:15 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2008/01/04 16:36:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2008/01/04 16:36:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2008/09/22 20:14:04 | 000,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2008/01/04 16:36:50 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/10/06 16:56:04 | 000,420,908 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.]
O1 - Hosts: 14543 more lines...
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll ([You must be registered and logged in to see this link.]
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll ([You must be registered and logged in to see this link.]
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKCU..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} [You must be registered and logged in to see this link.] (WMVHDRatingCtrl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/01 17:50:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: aux - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: aux1 - C:\WINDOWS\System32\ctwdm32.dll (Creative Technology Ltd.)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS [You must be registered and logged in to see this link.]
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\xvidvfw.dll ()
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 04:22:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\1\Recent
[2010/10/08 04:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\New Folder
[2010/10/07 17:59:17 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/10/04 05:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\Guides
[2010/10/04 01:24:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\errors
[2010/09/29 22:44:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileZillaPortable
[2010/09/29 22:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet
[2010/09/14 04:47:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\1\Desktop\AMPS - Nashorn_files
[2008/09/03 18:41:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\1\Application Data\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/07 21:26:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/07 21:25:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/07 21:24:28 | 018,350,080 | ---- | M] () -- C:\Documents and Settings\1\ntuser.dat
[2010/10/07 21:24:28 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\1\ntuser.ini
[2010/10/07 19:25:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/07 17:59:38 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\1\Desktop\OTL.exe
[2010/10/07 16:27:05 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/07 08:55:29 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/06 16:56:32 | 000,115,484 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2010/10/06 16:56:04 | 000,420,908 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/02 14:39:04 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/10/01 18:58:34 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010/09/29 22:45:41 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\1\Desktop\FileZillaPortable.exe.lnk
[2010/09/29 20:58:41 | 000,419,874 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101006-165603.backup
[2010/09/14 22:13:40 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/09/14 04:47:40 | 000,129,905 | ---- | M] () -- C:\Documents and Settings\1\Desktop\AMPS - Nashorn.htm
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 02:44:49 | 000,115,488 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/29 22:45:41 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\1\Desktop\FileZillaPortable.exe.lnk
[2010/09/14 04:47:28 | 000,129,905 | ---- | C] () -- C:\Documents and Settings\1\Desktop\AMPS - Nashorn.htm
[2010/08/29 00:18:15 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/02/23 07:19:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\housecall.guid.cache
[2010/02/07 10:51:21 | 000,013,294 | -HS- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\bU5Sv
[2009/05/24 17:48:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2009/05/12 17:55:37 | 015,000,000 | ---- | C] () -- C:\Documents and Settings\1\Application Data\WSS.exe
[2009/03/12 04:11:26 | 000,000,168 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2009/03/12 04:11:26 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2009/03/12 04:11:16 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2009/03/12 04:11:15 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\ADADIX16.DLL
[2009/03/03 12:18:04 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009/01/23 14:43:42 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Multimedia manager.INI
[2009/01/17 02:32:46 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2008/11/29 07:22:32 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/27 22:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dsltest.INI
[2008/09/10 09:29:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/09/03 18:41:49 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.log
[2008/09/03 18:41:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.cat
[2008/09/03 18:41:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\1\Application Data\pcouffin.inf
[2008/08/25 17:21:59 | 000,000,545 | ---- | C] () -- C:\Documents and Settings\1\Application Data\AutoGK.ini
[2008/07/12 09:45:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2008/06/22 17:28:50 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2008/06/22 17:25:57 | 000,000,120 | ---- | C] () -- C:\WINDOWS\ngmap.ini
[2008/06/05 00:27:42 | 000,002,047 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/04 02:30:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/04 02:09:18 | 000,000,680 | ---- | C] () -- C:\Documents and Settings\1\Application Data\coreavc.ini
[2008/06/02 05:44:40 | 000,228,864 | ---- | C] () -- C:\Documents and Settings\1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/06/01 18:03:29 | 000,063,730 | ---- | C] () -- C:\Program Files\viewsonicinstruct_xp.pdf
[2008/06/01 18:02:55 | 000,000,101 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2007/12/29 06:13:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/12/29 06:13:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/29 16:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/07/25 14:24:28 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/03/10 12:51:48 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005/04/21 19:51:26 | 000,000,020 | ---- | C] () -- C:\WINDOWS\GraphEdit.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/05/15 05:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/12 11:43:42 | 003,407,872 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/03/12 11:24:31 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009/03/12 11:43:42 | 026,214,400 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/03/12 11:43:42 | 005,505,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 13:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 13:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 13:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 13:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 13:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 13:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 13:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 13:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 13:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 13:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 13:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 13:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 13:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 19:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/06/23 14:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 01:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 01:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 01:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 01:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 01:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 01:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 01:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2007/09/29 02:19:32 | 000,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2008/04/14 01:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 01:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 01:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 01:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 01:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 01:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 01:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 01:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2008/06/01 17:50:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/12 12:07:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/03/16 02:31:00 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2009/01/24 05:56:14 | 000,000,074 | ---- | M] () -- C:\CMLoader.log
[2010/03/16 02:50:27 | 000,011,357 | ---- | M] () -- C:\ComboFix.txt
[2008/06/01 17:50:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/03/13 14:36:10 | 000,000,238 | ---- | M] () -- C:\INSTALL.LOG
[2008/06/01 17:50:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/05 05:39:03 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2008/06/01 17:50:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/05 01:02:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/07 21:25:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2009/03/12 04:11:26 | 000,000,184 | ---- | M] () -- C:\setuplog.exe

< %PROGRAMFILES%\*. >
[2008/07/25 22:16:04 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
[2008/06/01 18:04:42 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/07/25 12:25:09 | 000,000,000 | ---D | M] -- C:\Program Files\Alchemy Mindworks
[2010/09/14 11:52:45 | 000,000,000 | ---D | M] -- C:\Program Files\AnyReader
[2008/09/01 18:51:16 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2009/01/21 11:53:27 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2009/02/23 13:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\AutoGK
[2008/06/01 19:27:43 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/11/26 04:12:23 | 000,000,000 | ---D | M] -- C:\Program Files\AVI2Clipboard
[2010/03/19 20:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Avira
[2010/09/18 00:21:02 | 000,000,000 | ---D | M] -- C:\Program Files\AVS4YOU
[2008/11/06 12:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\Bluk Rename Utility
[2010/03/20 01:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/06/28 23:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\Combined Community Codec Pack
[2010/03/16 02:37:29 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/06/01 17:47:23 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2009/06/11 23:11:29 | 000,000,000 | ---D | M] -- C:\Program Files\Duplicate Cleaner
[2008/07/05 09:42:35 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2010/06/21 04:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
[2010/09/30 07:24:02 | 000,000,000 | ---D | M] -- C:\Program Files\FairUse Wizard 2
[2010/09/29 22:44:33 | 000,000,000 | ---D | M] -- C:\Program Files\FileZillaPortable
[2009/02/23 13:06:22 | 000,000,000 | ---D | M] -- C:\Program Files\Final Codecs
[2010/10/05 21:55:43 | 000,000,000 | ---D | M] -- C:\Program Files\FlashGet
[2010/08/29 00:15:07 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2008/08/25 17:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Gabest
[2008/07/23 10:11:37 | 000,000,000 | ---D | M] -- C:\Program Files\GRETECH
[2009/04/21 22:59:55 | 000,000,000 | ---D | M] -- C:\Program Files\HDCleaner
[2009/04/21 22:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\HDD Thermometer
[2009/03/10 20:08:14 | 000,000,000 | ---D | M] -- C:\Program Files\hkSFV
[2008/06/21 21:00:27 | 000,000,000 | ---D | M] -- C:\Program Files\ImgBurn
[2009/03/12 04:11:11 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010/08/25 10:47:22 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2008/09/05 00:20:59 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/10/07 21:02:57 | 000,000,000 | ---D | M] -- C:\Program Files\jdbeta0272
[2010/06/27 19:26:38 | 000,000,000 | ---D | M] -- C:\Program Files\JockerSoft
[2010/05/05 05:39:00 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/06/28 23:40:14 | 000,000,000 | ---D | M] -- C:\Program Files\MatroskaProp
[2010/08/30 22:26:34 | 000,000,000 | ---D | M] -- C:\Program Files\MediaInfo
[2009/04/22 00:25:06 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/08/27 19:46:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2008/06/04 02:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/06/01 17:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/06/04 02:29:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/07/14 09:32:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/01/25 07:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\MKVtoolnix
[2010/08/25 10:42:18 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/08 04:15:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/04/22 00:43:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/06/01 17:45:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/06/01 17:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2009/04/22 00:25:51 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008/11/25 00:53:12 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/04/21 23:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/05/13 09:44:24 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeter
[2008/06/01 17:46:55 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/06/06 02:57:03 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2008/10/05 19:32:03 | 000,000,000 | ---D | M] -- C:\Program Files\PC-TV
[2009/03/20 03:51:02 | 000,000,000 | ---D | M] -- C:\Program Files\PeerGuardian2
[2009/04/06 05:45:08 | 000,000,000 | ---D | M] -- C:\Program Files\Pegasys Inc
[2008/11/10 16:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\QO Developments
[2008/06/22 17:28:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2009/04/22 00:42:54 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/08/30 22:18:32 | 000,000,000 | ---D | M] -- C:\Program Files\RegTweaker
[2009/03/12 04:11:04 | 000,000,000 | ---D | M] -- C:\Program Files\SAGEM
[2009/01/17 02:31:34 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/01/30 06:00:58 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2010/06/27 19:44:44 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2010/06/28 00:23:45 | 000,000,000 | ---D | M] -- C:\Program Files\SpywareGuard
[2010/10/07 18:33:56 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/03/20 02:02:21 | 000,000,000 | ---D | M] -- C:\Program Files\Tall Emu
[2008/09/04 23:47:38 | 000,000,000 | ---D | M] -- C:\Program Files\Three Rings Design
[2008/06/01 18:19:17 | 000,000,000 | ---D | M] -- C:\Program Files\Tiscali Broadband
[2008/09/10 23:48:24 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2008/07/05 09:47:45 | 000,000,000 | ---D | M] -- C:\Program Files\TuneUp Utilities 2007
[2008/06/01 17:55:18 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/03/18 12:38:31 | 000,000,000 | ---D | M] -- C:\Program Files\Unlocker
[2008/06/02 02:45:03 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/06/01 18:05:13 | 000,000,000 | ---D | M] -- C:\Program Files\viewsonic
[2010/06/27 19:23:33 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2008/09/03 18:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\vso
[2008/06/15 02:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/07/20 16:44:58 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008/06/05 01:20:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2009/04/22 00:05:27 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/04/21 23:15:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/06/01 17:49:23 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/06/01 21:45:26 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/04/25 07:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Wiperaser Ultra
[2008/11/10 16:20:16 | 000,000,000 | ---D | M] -- C:\Program Files\Witcobber
[2008/06/01 17:50:36 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2010/08/25 18:40:54 | 000,000,545 | ---- | M] () -- C:\Documents and Settings\1\Application Data\AutoGK.ini
[2008/06/04 02:09:18 | 000,000,680 | ---- | M] () -- C:\Documents and Settings\1\Application Data\coreavc.ini
[2008/06/01 18:37:24 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\1\Application Data\desktop.ini
[2009/09/01 22:25:13 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\1\Application Data\pcouffin.cat
[2009/09/01 22:25:13 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\1\Application Data\pcouffin.inf
[2009/09/01 22:25:13 | 000,000,033 | ---- | M] () -- C:\Documents and Settings\1\Application Data\pcouffin.log
[2009/09/01 22:25:13 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\1\Application Data\pcouffin.sys
[2009/05/12 17:55:40 | 015,000,000 | ---- | M] () -- C:\Documents and Settings\1\Application Data\WSS.exe


< MD5 for: AGP440.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: AHCIX86.SYS >
[2008/03/08 02:24:52 | 000,176,136 | ---- | M] (AMD Technologies Inc.) MD5=B6E729A575F84938A08D367E8352EB86 -- C:\ATI\SUPPORT\8-5_xp32_dd_ccc_wdm_enu_63030\SBDrv\RAID7xx\x86\ahcix86.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 13:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 19:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 13:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2009/04/21 23:09:06 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/08/04 13:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\$NtServicePackUninstall$\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/13 19:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-02-24 03:06:29

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

chubasco

Newbie Surfer

Posts : 20
Joined : 2010-03-01
Operating System : Windows XP Pro


Re: browser issues?

Post by Belahzur on Sat 09 Oct 2010, 7:44 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes.
  • Allow combofix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: browser issues?

Post by chubasco on Sat 09 Oct 2010, 9:55 am

ComboFix 10-10-07.02 - 1 08/10/2010 23:33:40.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2359 [GMT 1:00]
Running from: c:\documents and settings\1\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *enabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\1\Application Data\WSS.exe
c:\program files\Internet Explorer\SET7D8F.tmp
c:\program files\Internet Explorer\SET7D90.tmp

.
((((((((((((((((((((((((( Files Created from 2010-09-08 to 2010-10-08 )))))))))))))))))))))))))))))))
.

2010-10-08 07:46 . 2010-10-08 07:47 -------- d-----w- C:\getservice
2010-10-06 17:12 . 2010-08-15 17:05 1912832 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch192.dll
2010-10-06 17:12 . 2010-08-15 17:05 1912832 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch191.dll
2010-10-06 17:12 . 2010-08-15 17:05 1912832 ----a-w- c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\extensions\flashcatch-amo@flashcatch.com\components\FlashCatch.dll
2010-10-05 01:44 . 2010-10-05 01:44 115488 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-29 21:44 . 2010-09-29 21:44 -------- d-----w- c:\program files\FileZillaPortable
2010-09-29 21:35 . 2010-10-08 21:15 -------- d-----w- c:\program files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 20:27 . 2009-04-21 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HDD Thermometer
2010-10-07 20:02 . 2008-09-04 22:50 -------- d-----w- c:\program files\jdbeta0272
2010-10-07 19:49 . 2009-01-12 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-07 17:36 . 2010-07-22 05:30 63488 ----a-w- c:\documents and settings\1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-10-07 17:36 . 2010-07-22 05:30 117760 ----a-w- c:\documents and settings\1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-10-07 17:33 . 2010-07-22 05:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-07 15:27 . 2008-06-04 23:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-30 06:24 . 2008-07-30 20:56 -------- d-----w- c:\program files\FairUse Wizard 2
2010-09-17 23:21 . 2008-06-08 11:52 -------- d-----w- c:\program files\AVS4YOU
2010-09-17 23:20 . 2008-06-08 11:52 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-09-17 02:19 . 2008-06-20 05:05 -------- d-----w- c:\documents and settings\1\Application Data\dvdcss
2010-09-14 21:13 . 2010-08-28 23:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-09-14 10:52 . 2008-08-24 22:56 -------- d-----w- c:\program files\AnyReader
2010-08-30 23:14 . 2010-08-28 23:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-30 21:26 . 2010-08-30 21:26 -------- d-----w- c:\program files\MediaInfo
2010-08-30 21:18 . 2010-08-28 23:26 -------- d-----w- c:\program files\RegTweaker
2010-08-29 04:40 . 2010-08-29 04:40 -------- d-----w- c:\documents and settings\1\Application Data\Foxit Software
2010-08-28 23:15 . 2010-08-28 23:15 -------- d-----w- c:\program files\Foxit Software
2010-08-27 18:46 . 2010-08-26 13:55 -------- d-----w- c:\program files\Microsoft
2010-08-25 12:10 . 2010-08-25 12:10 -------- d-----w- c:\documents and settings\1\Application Data\Basyur
2010-08-25 11:39 . 2010-08-25 11:39 -------- d-----w- c:\documents and settings\1\Application Data\Ovpu
2010-08-17 13:17 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2004-08-04 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-21 23:01 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-22 05:30 . 2010-07-22 05:30 52224 ----a-w- c:\documents and settings\1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2002-09-11 14:26 . 2008-06-01 17:03 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RSD_HDDThermo"="c:\program files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 215040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"p:\\RUM.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57764:TCP"= 57764:TCP:Pando P2P TCP Listening Port
"57764:UDP"= 57764:UDP:Pando P2P UDP Listening Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/03/2010 02:02 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/03/2010 02:02 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/03/2010 02:02 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/03/2010 20:12 108289]
R2 HMuKstOO;Kensington TrackballWorks Orbit Optical USB HID Device Filter Driver;c:\windows\system32\drivers\HMuKstOO.sys [20/05/2010 03:05 51280]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [20/03/2010 02:02 1282248]
R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [20/03/2010 02:02 3291336]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [12/03/2009 04:11 63555]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [05/10/2008 19:11 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [05/10/2008 19:11 26730]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [12/03/2009 04:11 114616]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP141
*Deregistered* - PROCEXP141
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nppl3260.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprjplug.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-10-08 23:48:14
ComboFix-quarantined-files.txt 2010-10-08 22:48
ComboFix2.txt 2010-03-16 01:50

Pre-Run: 110,500,642,816 bytes free
Post-Run: 110,459,875,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 622DDE808AC930AE5573CF5428F70D6A


Re: browser issues?

Post by Belahzur on Sun 10 Oct 2010, 10:52 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: browser issues?

Post by chubasco on Mon 11 Oct 2010, 6:35 am

I reran (accidentally) the ComboFix scan
there was so much trouble running the scan with online armor's program control that i'm posting the rerun in case something was hidden amongst all the alerts... i dealt with

again only one log saved and one open - both are character identical

ran ESET - nothing there

below is the report of the rerun combofix, followed by the eset
-----------------------------------
combo:

ComboFix 10-10-09.06 - 1 10/10/2010 19:51:05.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2814.2332 [GMT 1]
Running from: c:\documents and settings\1\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-09-10 to 2010-10-10 )))))))))))))))))))))))))))))))
.

2010-10-08 07:46 . 2010-10-08 07:47 -------- d-----w- C:\getservice
2010-09-29 21:44 . 2010-09-29 21:44 -------- d-----w- c:\program files\FileZillaPortable
2010-09-29 21:35 . 2010-10-09 08:04 -------- d-----w- c:\program files\FlashGet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RSD_HDDThermo"="c:\program files\HDD Thermometer\HDD Thermometer.exe" [2005-04-01 215040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-12-05 6622920]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2009-12-05 923336]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"p:\\RUM.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57764:TCP"= 57764:TCP:Pando P2P TCP Listening Port
"57764:UDP"= 57764:UDP:Pando P2P UDP Listening Port
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [20/03/2010 02:02 223312]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [20/03/2010 02:02 24656]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [20/03/2010 02:02 29776]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [19/03/2010 20:12 108289]
R2 HMuKstOO;Kensington TrackballWorks Orbit Optical USB HID Device Filter Driver;c:\windows\system32\drivers\HMuKstOO.sys [20/05/2010 03:05 51280]
R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [20/03/2010 02:02 1282248]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [12/03/2009 04:11 63555]
S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [20/03/2010 02:02 3291336]
S3 DtvAudio;DtvAudio;c:\windows\system32\drivers\DtvAudio.sys [05/10/2008 19:11 10330]
S3 DtvVideo;DtvVideo;c:\windows\system32\drivers\DtvVideo.sys [05/10/2008 19:11 26730]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [12/03/2009 04:11 114616]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Contents of the 'Scheduled Tasks' folder

2010-10-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\1\Application Data\Mozilla\Firefox\Profiles\h4edt71u.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nppl3260.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprjplug.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(512)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3684)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-10-10 19:55:36
ComboFix-quarantined-files.txt 2010-10-10 18:55
ComboFix2.txt 2010-10-08 22:48
ComboFix3.txt 2010-03-16 01:50

Pre-Run: 110,423,003,136 bytes free
Post-Run: 110,405,926,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 79ECA074C6EB5F160656D01A2D26FECD

------------------------------------

ESET:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=11da136b65241b40a1afe7cc87d56411
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-21 09:10:25
# local_time=2010-06-21 10:10:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 56014445 56014445 0 0
# compatibility_mode=1797 16775125 100 94 1381106 49755864 45007 0
# compatibility_mode=6401 16777213 66 100 4451277 17105331 0 0
# compatibility_mode=8192 67108863 100 0 11039 11039 0 0
# scanned=150574
# found=0
# cleaned=0
# scan_time=10079
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=11da136b65241b40a1afe7cc87d56411
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-10 07:24:59
# local_time=2010-10-10 08:24:59 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 65650678 65650678 0 0
# compatibility_mode=1026 16777214 0 2 17715595 17715595 0 0
# compatibility_mode=1797 16775125 100 94 754416 59392097 5173 0
# compatibility_mode=6401 16777213 66 100 2238809 26741564 0 0
# compatibility_mode=8192 67108863 100 0 9647272 9647272 0 0
# scanned=46054
# found=0
# cleaned=0
# scan_time=1119




Re: browser issues?

Post by Belahzur on Mon 11 Oct 2010, 8:22 am

How is the machine running now?



Re: browser issues?

Post by chubasco on Mon 11 Oct 2010, 8:32 am

no change - at times suffering badly from freezing - coming from huge use of cpu from browser or windows explorer
it happens only every so often, but sometimes i can find nothing i've initiated to blame tends to be more than 30 secs, usually less than 5 mins - haven't seen a pattern

history in firefox is a mess - entries for one site are overwritten with the last visited site (so it seems), mini-icons are all wrong everywhere...
some may be down to me, some perhaps disputing software, but they do add up to symptoms that i equate with malware


Re: browser issues?

Post by Belahzur on Mon 11 Oct 2010, 8:38 am

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop.
  • Open this report and post its content in your next reply.



Re: browser issues?

Post by chubasco on Mon 11 Oct 2010, 8:51 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x02009f1d

Kernel Drivers (total 121):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806D0000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA0B8000 ohci1394.sys
0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0D8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0E8000 VolSnap.sys
0xB9F31000 atapi.sys
0xBA0F8000 disk.sys
0xBA108000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9F11000 fltmgr.sys
0xB9EFF000 sr.sys
0xBA118000 PxHelp20.sys
0xB9EE8000 KSecDD.sys
0xB9ED5000 WudfPf.sys
0xB9E48000 Ntfs.sys
0xB9E1B000 NDIS.sys
0xB9E01000 Mup.sys
0xBA534000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xBA158000 \SystemRoot\system32\DRIVERS\AmdPPM.sys
0xBA370000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB9D95000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA378000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA168000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA540000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xBA178000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA188000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB9D72000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9D52000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
0xBA198000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xBA3A0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\serial.sys
0xBA550000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB9D3E000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA716000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA55C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB9D27000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1C8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1D8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3E0000 \SystemRoot\system32\DRIVERS\raspti.sys
0xBA1E8000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA3E8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA5B0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB9CC9000 \SystemRoot\system32\DRIVERS\update.sys
0xBA570000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA5B4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA208000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xBA5BA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA757000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5BE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA430000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA438000 \SystemRoot\System32\drivers\vga.sys
0xB9BED000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBA5C2000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5C6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA448000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA458000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB9DD9000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xBA238000 \??\C:\WINDOWS\system32\drivers\OAnet.sys
0xB9BBA000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA248000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB9B61000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA470000 \??\C:\WINDOWS\system32\drivers\OAmon.sys
0xB9B3B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA258000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB9ADB000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xBA268000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xB9AB3000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA278000 \SystemRoot\system32\drivers\ip6fw.sys
0xB9A91000 \SystemRoot\System32\drivers\afd.sys
0xBA288000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA490000 \SystemRoot\System32\Drivers\StarOpen.SYS
0xBA4A0000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB9A6F000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xBA4A8000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xB9A44000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB99FB000 \??\C:\WINDOWS\system32\drivers\OADriver.sys
0xB998B000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA2A8000 \SystemRoot\System32\Drivers\Fips.SYS
0xB996F000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xBA5CE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA388000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xBA2D8000 \SystemRoot\system32\DRIVERS\HMuKstOO.sys
0xB9C21000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA2E8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xB9C0D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA2F8000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9883000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB986B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xBA5D8000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB9B2F000 \SystemRoot\System32\drivers\Dxapi.sys
0xBA3F8000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA71D000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB8F3F000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB8EFB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB8B52000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xBA5F2000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB8943000 \SystemRoot\system32\DRIVERS\srv.sys
0xB860A000 \SystemRoot\System32\Drivers\HTTP.sys
0xBA390000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB9C25000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
328 C:\WINDOWS\system32\smss.exe
488 csrss.exe
512 C:\WINDOWS\system32\winlogon.exe
560 C:\WINDOWS\system32\services.exe
572 C:\WINDOWS\system32\lsass.exe
764 C:\WINDOWS\system32\svchost.exe
836 svchost.exe
912 C:\WINDOWS\system32\svchost.exe
952 C:\WINDOWS\system32\svchost.exe
1116 svchost.exe
1208 svchost.exe
1312 C:\Program Files\Tall Emu\Online Armor\oacat.exe
1380 C:\WINDOWS\explorer.exe
1424 C:\Program Files\Tall Emu\Online Armor\oasrv.exe
1644 C:\WINDOWS\system32\spoolsv.exe
1680 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1932 svchost.exe
892 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1272 alg.exe
1808 C:\WINDOWS\system32\wscntfy.exe
2168 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2204 C:\Program Files\Tall Emu\Online Armor\oaui.exe
2292 C:\Program Files\HDD Thermometer\HDD Thermometer.exe
2540 C:\Program Files\Tall Emu\Online Armor\oahlp.exe
3604 C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe
4004 C:\Program Files\Mozilla Firefox\firefox.exe
2200 C:\WINDOWS\system32\svchost.exe
3644 C:\WINDOWS\system32\notepad.exe
2500 C:\WINDOWS\system32\mspaint.exe
2784 P:\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\P: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\Z: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive1 Model Number: WDCWD2500JD-00HBC0, Rev: 08.02D08
PhysicalDrive0 Model Number: ST31500541AS, Rev: CC32
PhysicalDrive2 Model Number: SAMSUNGHD154UI, Rev: 1AG01118

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
1397 GB \\.\PhysicalDrive2 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


Re: browser issues?

Post by Belahzur on Tue 12 Oct 2010, 10:04 am

Hello.
Do you remote to this machine at all? I noticed an open port on this machine for remote desktop.



Re: browser issues?

Post by chubasco on Tue 12 Oct 2010, 10:17 am

i tried some time ago - possibly have fully reinstalled system since then...
but not now, intentionally, but if something uses it, i wouldn't necessarily know
getting much more inclined to freeze up for periods since running combofix
noticed a huge cpu usage by System, seems like the task manager is struggling to show the process usage
explorer.exe and browsers still happy to be cpu hogs (sporadically)...


Re: browser issues?

Post by Belahzur on Wed 13 Oct 2010, 10:56 am

Okay, next step then, I noticed some old software we can remove to narrow it down.


  • Open HijackThis.
  • When HijackThis opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.



Re: browser issues?

Post by chubasco on Wed 13 Oct 2010, 2:33 pm

7-Zip 4.57
Adobe Acrobat 4.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
AnyReader
ATI Display Driver
Audacity 1.2.4
Auto Gordian Knot 2.45
AVI2Clipboard 2.18
Avira AntiVir Personal - Free Antivirus
Catalyst Control Center - Branding
CCleaner
Combined Community Codec Pack 2008-01-24
CRC32 Calculator - CheckCRC
Critical Update for Windows Media Player 11 (KB959772)
Duplicate Cleaner 1.3
DVD Decrypter (Remove Only)
ESET Online Scanner v3
FairUse Wizard 2.6
Final Codecs 2008 New Year Edition
FlashGet 1.9.6.1073
Foxit Reader
GOM Player
HDCleaner
HDD Thermometer
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImgBurn (Remove Only)
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
MatroskaProp (remove only)
MediaInfo 0.7.34
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKVtoolnix 3.1.0
Mozilla Firefox (3.0.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
National Geographic Maps (Any files created by the program will be left on your system.)
Nero 8 Micro 8.3.6.0
NetMeter 1.1.3
Neuview Standard and Professional 6.08
Online Armor 4.0
QuickTime 3.0
Revo Uninstaller 1.89
SAGEM F@st 800-840
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Spybot - Search & Destroy
SpywareBlaster 4.3
SUPERAntiSpyware
TuneUp Utilities 2007
Unlocker 1.8.7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB2141007)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.6c
ViewSonic Monitor Drivers
VisionDTV
VSO Inspector 1.4.2
Winamp
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
XviD MPEG4 Video Codec (remove only)



Re: browser issues?

Post by Belahzur on Thu 14 Oct 2010, 8:12 am

Hello.

You have quite a lot of software installed, do you use all of it? For example you have VLC Player and GOM Player installed. I am guessing VLC isn't reading certain videos encoded with certain codecs?

In any case, that's because it's a very old version of VLC and will probably be able to read most codecs nowadays apart from a certain few.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 7

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 21.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 3.6.10 and install it. It will install over version 3.0 you currently have installed, so you won't lose any bookmarked websites.

Download and install VLC Player 1.1.4
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.



Re: browser issues?

Post by chubasco on Thu 14 Oct 2010, 9:27 am

thanks, i'll look into doing a bit of updating and cleaning up
been a while since i tried gom: it has some features that are useful that vlc doesn't - but i guess it could be gotten rid of without too much sacrifice: maybe even vlc...

firefox 3.5 and later is incompatible with at least 1 add-on that was too good to give up on - it's been a while since i checked, but it might be worth going through them again

in general, i prefer "if it ain't broke..." and these things have been around long enough in healthy times that their issues have been sorted and the more recent ones seem unlikely to have been caused by old reliables - presumably any new exploitation of their frailties would have been picked up through the scanning...







Re: browser issues?

Post by Belahzur on Thu 14 Oct 2010, 10:24 am

Not really, our scans remove the malware, if you're still using old programs though, malware can exploit them and return again.



Re: browser issues?

Post by chubasco on Thu 14 Oct 2010, 10:38 am

i see
i didn't realise we'd found anything - all the reports seemed to me to be negative, and the issues are seemingly still there


Re: browser issues?

Post by Belahzur on Fri 15 Oct 2010, 10:21 am

Hello.
Try uninstalling Online Armor temporarily and see if the freezing/CPU usage still happens.



Re: browser issues?

Post by chubasco on Sun 24 Oct 2010, 7:35 am

since using otl/combo the problem of cpu usage is many times worse
disabling OA made no difference to the original symptoms, nor did the updates suggested
flits between explorer.exe, lsass, javaw, online-armor, avira and any user initiated prg - sometimes it seems like a large part of the cpu use % is missing, but that may be due to the monitoring process

while doing yet another set of scans, i noticed that going into safe mode showed the ms windows recovery console option still available, but now has a comment:
do not select this (debugger enabled)

on booting normally, after a first windows splash screen, there is a considerable delay with a blank screen before getting a second windows loading screen

EDIT/UPDATE 10-25-10
in changing around FF, at some point i have a history back
noticed a directory showing the message searching for items... almost constantly for an hour, so far
now if i can only get some cpu time back...
