Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

VLC freezing. Firefox and IE slow

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

VLC freezing. Firefox and IE slow

Unread postby chuky_r_law » February 7th, 2011, 8:12 pm

having problems with VLC media player. keeps freezing making it impossible to watch any video. also, has stopped reading subtitles for some reason. media player not as bad but does skip and slow down from time to time. takes ages for laptop to boot up. firefox and IE have definitely slowed down too. main problem is with VLC but feel that everything is linked and there may be some deeper problem. have latest version of avg. nothing discovered in scan. also have malwarebytes. nothing on that either. please help...its driving me nuts!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:09:28, on 08/02/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www1.euro.dell.com/content/defau ... l=no&s=gen
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O2 - BHO: TBSB00982 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: Ant.com Toolbar - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-G Notebook Adapter.lnk.disabled
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Program Files\Titan Poker\casino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - http://www.vexcast.com/download/vexcast.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Update Service (gupdate1ca68d229fc7634) (gupdate1ca68d229fc7634) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12120 bytes
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am
Advertisement
Register to Remove

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 10th, 2011, 3:45 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 10th, 2011, 3:58 pm

Hi chuky_r_law,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Click on Open the Misc tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby chuky_r_law » February 10th, 2011, 6:44 pm

thank you for the assistance

µTorrent
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced Batch Converter
Ant.com Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
AVG 2011
AVG 2011
Bonjour
CCleaner
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
DivX Plus Web Player
DVD Shrink 3.2
Google Chrome
Google Update Helper
Hard Disk Sentinel PRO
HiJackThis
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java(TM) 6 Update 23
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.6)
Mozilla Thunderbird (1.5.0.14)
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nokia Connectivity Cable Driver
Nokia Ovi Suite
Nokia Ovi Suite
Nokia Ovi Suite Software Updater
Ovi Desktop Sync Engine
OviMPlatform
Paddy Power Poker
PC Connectivity Solution
QuickTime
Safari
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sony Picture Utility
TeraCopy 2.12
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
VLC media player 0.9.4
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 8
Windows Media Player Firefox Plugin
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 10th, 2011, 6:53 pm

Hi chuky_r_law,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby chuky_r_law » February 12th, 2011, 1:06 am

i have a home computer, feel free to delete whatever you like. if i want it back i can always download it again

OTL logfile created on: 11/02/2011 00:18:19 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Cathal Donnellan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.77 Gb Total Space | 17.47 Gb Free Space | 33.10% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1072.79 Gb Free Space | 57.58% Space Free | Partition Type: NTFS

Computer Name: CATHAL | User Name: Cathal Donnellan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Cathal Donnellan\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\WINDOWS\system32\gearsec.exe (GEAR Software)
PRC - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe ()
PRC - C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Cathal Donnellan\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (vvdsvc) -- C:\WINDOWS\system32\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SRV - (WLANKEEPER) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (gearsec) -- C:\WINDOWS\system32\gearsec.exe (GEAR Software)
SRV - (NICSer_WPC54G) -- C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe ()


========== Driver Services (SafeList) ==========

DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (odysseyIM4) -- C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (npapimon) -- C:\WINDOWS\system32\drivers\npapimon.sys (Sonic Solutions)
DRV - (ssdiagn) -- C:\WINDOWS\system32\drivers\ssdiagn.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (STAC97) -- C:\WINDOWS\system32\drivers\STAC97.sys (SigmaTel, Inc.)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (IWCA) -- C:\WINDOWS\system32\drivers\iwca.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.)
DRV - (CBTNDIS5) -- C:\WINDOWS\system32\CBTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Usblink) -- C:\WINDOWS\system32\drivers\ulink.sys ()
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/

IE - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search (powered by Google)"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ie"
FF - prefs.js..extensions.enabledItems: toolbar@alexa.com:1.5.0
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.2.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.http: "http://rosinstrument.com/cgi-bin/proxy.pac "

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/12/28 08:36:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/01/20 04:24:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/23 18:32:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/23 17:37:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Components: C:\PROGRA~1\MOZILL~2\components\ [2010/12/23 17:37:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 1.5.0.14\Extensions\\Plugins: C:\PROGRA~1\MOZILL~2\plugins\ [2010/12/23 17:37:01 | 000,000,000 | ---D | M]

[2008/12/28 14:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Extensions
[2011/02/10 00:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\extensions
[2010/09/13 20:20:15 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011/01/09 02:09:41 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011/01/09 02:09:32 | 000,000,000 | ---D | M] ("Alexa Sparky") -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\extensions\toolbar@alexa.com
[2011/01/09 02:10:07 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\Cathal Donnellan\Application Data\Mozilla\Firefox\Profiles\qhp10456.default\searchplugins\web-search-powered-by-google.xml
[2011/02/10 00:38:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/12 01:35:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/09 11:39:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/01 12:14:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/01 10:38:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/28 08:36:04 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/01/03 22:12:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/20 04:24:50 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/01/16 22:12:11 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll

O1 HOSTS File: ([2009/12/22 23:49:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O2 - BHO: (TBSB00982 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Hard Disk Sentinel] C:\Program Files\Hard Disk Sentinel\HDSentinel.exe (H.D.S. Hungary)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [ssdiag] C:\WINDOWS\ssdiag.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless-G Notebook Adapter.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\Cathal Donnellan\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - File not found
O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Cathal Donnellan\My Documents\My Pictures\cool pic.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Cathal Donnellan\My Documents\My Pictures\cool pic.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/10 01:14:42 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 12:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 20:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2011/02/09 21:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/08 00:07:41 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/02/08 00:07:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathal Donnellan\Start Menu\Programs\HiJackThis
[2011/02/06 19:42:07 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/02/04 14:08:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/04 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/04 14:07:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/01 10:38:20 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/01 10:38:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/01 10:38:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/02/01 02:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathal Donnellan\Application Data\vlc
[2011/02/01 02:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/01/21 14:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/20 04:47:26 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbser.sys
[2011/01/20 04:46:32 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2011/01/20 04:44:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\Nokia
[2011/01/20 04:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia
[2011/01/20 04:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/01/20 04:24:33 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/01/20 04:23:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/01/20 04:21:13 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2011/01/20 04:21:10 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2011/01/20 04:21:06 | 000,023,040 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2011/01/20 04:20:34 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2011/01/20 04:20:33 | 000,604,160 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2011/01/20 04:20:32 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2011/01/20 04:20:30 | 000,111,104 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2011/01/20 04:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/01/19 10:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Cathal Donnellan\Start Menu\Programs\BrowserPlus
[2006/09/06 05:40:06 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\KBHook.dll
[2006/09/06 05:40:04 | 000,008,704 | ---- | C] ( ) -- C:\WINDOWS\ScreenShotTaker.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\Documents and Settings\Cathal Donnellan\Desktop\*.tmp files -> C:\Documents and Settings\Cathal Donnellan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/11 00:33:14 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{28F73538-1761-4DFE-9F6C-7D27CDF827C6}.job
[2011/02/11 00:29:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/10 23:59:43 | 105,890,045 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/10 23:57:28 | 000,242,688 | ---- | M] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 22:36:58 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\Cathal Donnellan\Desktop\HiJackThis.lnk
[2011/02/10 21:54:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\prvlcl.dat
[2011/02/10 20:45:42 | 000,000,843 | ---- | M] () -- C:\WINDOWS\ssdiag.ini
[2011/02/10 20:44:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/10 20:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 20:44:06 | 000,184,224 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 20:44:05 | 527,892,480 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 20:41:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 20:37:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/02/09 21:19:16 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/09 19:43:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/08 19:11:56 | 000,146,756 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/02/06 13:10:11 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/06 12:06:18 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\housecall.guid.cache
[2011/02/04 14:08:07 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/03 13:39:24 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/01 02:53:26 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/01/27 12:07:12 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/01/21 14:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 14:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/20 04:46:48 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/01/20 04:46:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/01/20 04:41:15 | 000,001,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[16 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\Documents and Settings\Cathal Donnellan\Desktop\*.tmp files -> C:\Documents and Settings\Cathal Donnellan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/09 21:19:16 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/08 00:07:41 | 000,002,469 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Desktop\HiJackThis.lnk
[2011/02/06 12:06:18 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\housecall.guid.cache
[2011/02/04 14:08:07 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/02/01 02:53:26 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/01/20 04:46:48 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/01/20 04:46:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/01/20 04:41:14 | 000,001,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Suite.lnk
[2009/12/05 12:16:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\prvlcl.dat
[2009/08/06 19:47:45 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/08/06 18:59:05 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ABC_mru.ini
[2008/09/10 03:15:20 | 000,000,843 | ---- | C] () -- C:\WINDOWS\ssdiag.ini
[2008/03/20 12:00:12 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Udetect.dll
[2008/03/20 12:00:04 | 000,040,060 | ---- | C] () -- C:\WINDOWS\System32\drivers\ulink.sys
[2007/12/25 22:36:00 | 000,000,013 | ---- | C] () -- C:\WINDOWS\ads.ini
[2007/09/04 13:16:29 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\cuteshell.dll
[2007/07/24 12:09:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/03/02 17:01:17 | 000,000,229 | ---- | C] () -- C:\WINDOWS\MAXIM.INI
[2007/03/02 17:01:16 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI
[2007/01/25 20:58:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\init.ini
[2006/07/24 14:02:13 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\AURTDIONOCVE.DLL
[2006/07/05 22:03:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\INT14PPP.dll
[2006/07/05 15:26:42 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/05/18 19:43:40 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/18 19:43:40 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F4E221CE19.sys
[2006/05/03 23:47:05 | 000,000,421 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Application Data\AutoGK.ini
[2006/03/31 18:03:09 | 000,000,250 | R--- | C] () -- C:\Program Files\FILE_ID.DIZ
[2006/03/31 18:02:55 | 000,004,696 | R--- | C] () -- C:\Program Files\readme.txt
[2006/03/22 23:17:25 | 000,008,828 | ---- | C] () -- C:\Program Files\digerati.nfo
[2006/03/13 20:24:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Datewise.INI
[2006/03/07 21:28:46 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2006/02/27 13:48:36 | 000,856,064 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/02/27 13:30:32 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/01/12 20:59:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\UTL10PPP.dll
[2006/01/11 12:34:26 | 000,000,013 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\ÝÙÃÄ3113›.sys
[2005/12/28 05:22:59 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/12/21 12:07:48 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/19 13:14:45 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\Cathal Donnellan\Local Settings\Application Data\fusioncache.dat
[2005/12/18 20:36:46 | 000,189,665 | ---- | C] () -- C:\Program Files\unrarw32.exe
[2005/12/18 20:32:23 | 001,014,477 | ---- | C] () -- C:\Program Files\wrar351.exe
[2005/12/15 02:26:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEC64Euro.ini
[2005/11/28 12:46:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/02 11:21:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/11/02 11:12:52 | 000,000,386 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/11/02 11:06:37 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2005/11/02 10:29:58 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2005/11/02 10:27:36 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/06/29 16:23:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2005/06/11 10:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2005/05/04 19:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 08:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/10 13:12:05 | 000,000,885 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/10/15 22:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[1999/01/23 02:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\wrar351.exe:SummaryInformation

< End of report >


OTL Extras logfile created on: 11/02/2011 00:18:20 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Cathal Donnellan\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

503.00 Mb Total Physical Memory | 105.00 Mb Available Physical Memory | 21.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 29.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.77 Gb Total Space | 17.47 Gb Free Space | 33.10% Space Free | Partition Type: NTFS
Drive F: | 1863.01 Gb Total Space | 1072.79 Gb Free Space | 57.58% Space Free | Partition Type: NTFS

Computer Name: CATHAL | User Name: Cathal Donnellan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe" = C:\Program Files\Macromedia\Fireworks MX\Fireworks.exe:*:Disabled:Fireworks MX -- (Macromedia Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE" = C:\WINDOWS\system32\spool\drivers\w32x86\3\SAGENT4.EXE:*:Disabled:SAgent4 -- (SEIKO EPSON CORPORATION)
"C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\TVAnts\Tvants.exe" = C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Corporation)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08600005-5228-4BF6-845E-E9A957AFDCB4}" = OviMPlatform
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23
"{3553E875-F00E-4031-BDEC-75FB1DFEB093}" = Nokia Ovi Suite Software Updater
"{36ABE32F-D7D4-4A5E-AADD-589F506B1B50}" = Nokia Ovi Suite
"{4216D328-0FE8-48B8-85B8-BD300E6F080F}" = Nokia Connectivity Cable Driver
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69916AD2-3710-4C86-895E-8F475290AA64}" = Ovi Desktop Sync Engine
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}" = PC Connectivity Solution
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Batch Converter" = Advanced Batch Converter
"AVG" = AVG 2011
"CCleaner" = CCleaner
"DVD Shrink_is1" = DVD Shrink 3.2
"Google Chrome" = Google Chrome
"Hard Disk Sentinel_is1" = Hard Disk Sentinel PRO
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (1.5.0.14)" = Mozilla Thunderbird (1.5.0.14)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Paddy Power Poker" = Paddy Power Poker
"TBSB00982.TBSB00982Toolbar" = Ant.com Toolbar
"TeraCopy_is1" = TeraCopy 2.12
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VLC media player 0.9.4
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2601829358-2614481801-65410280-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/02/2011 17:13:43 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 17:13:43 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 17:13:43 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 17:13:44 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 17:13:44 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 21:22:03 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 21:22:04 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 21:22:04 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 248: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 21:22:04 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 09/02/2011 21:22:04 | Computer Name = CATHAL | Source = Bonjour Service | ID = 100
Description = 252: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 05/02/2011 13:28:11 | Computer Name = CATHAL | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 0012F0C1FE35 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 05/02/2011 13:38:26 | Computer Name = CATHAL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde

Error - 05/02/2011 23:57:12 | Computer Name = CATHAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.2.100 on
the Network Card with network address 0012F0C1FE35.

Error - 09/02/2011 18:01:01 | Computer Name = CATHAL | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.

Error - 10/02/2011 15:53:40 | Computer Name = CATHAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 001422F12733.

Error - 10/02/2011 15:54:47 | Computer Name = CATHAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 001422F12733.

Error - 10/02/2011 15:56:28 | Computer Name = CATHAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 001422F12733.

Error - 10/02/2011 15:58:50 | Computer Name = CATHAL | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 001422F12733.

Error - 10/02/2011 16:27:07 | Computer Name = CATHAL | Source = DCOM | ID = 10010
Description = The server {8C53F4F9-90F5-4CA0-A8FE-76ECF5FBD2CF} did not register
with DCOM within the required timeout.

Error - 10/02/2011 16:28:25 | Computer Name = CATHAL | Source = DCOM | ID = 10010
Description = The server {4BEE36D7-DF28-49C1-8B85-1F3AED830E66} did not register
with DCOM within the required timeout.


< End of report >


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2011-02-11 12:17:02
Windows 5.1.2600 Service Pack 3
Running: t3vpuofn.exe; Driver: C:\DOCUME~1\CATHAL~1\LOCALS~1\Temp\uwtdqpow.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat F75D3D20

---- EOF - GMER 1.0.15 ----
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 12th, 2011, 11:05 am

Hi chuky_r_law,

503.00 Mb Total Physical Memory


That is a small amount of RAM to run Windows XP, you will always experience poor performance unless you increase that to at least 1 Gigabyte.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Double-click on MBRCheck.exe to run it.
  • It will show a Black screen with some information.
  • if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in you're next reply.

ESET online scannner

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby chuky_r_law » February 15th, 2011, 6:39 am

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF7DD0000 C:\WINDOWS\system32\DRIVERS\w29n51.sys 3211264 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF812C000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1052672 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7BE9000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF075000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw(R) Driver for Intel(R) Graphics Technology)
0xF7B41000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 688128 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF82CD000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA4F1000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7999000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xAA70C000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9A55000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xAA6C4000 C:\WINDOWS\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)
0xBF157000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xF7D60000 C:\WINDOWS\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xA9424000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF7AEA000 C:\WINDOWS\system32\DRIVERS\iwca.sys 249856 bytes (Intel Corporation, Intel Wireless Connection Agent)
0xAA4B5000 C:\WINDOWS\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)
0xBF041000 C:\WINDOWS\System32\ialmdev5.DLL 212992 bytes (Intel Corporation, Component GHAL Driver)
0xF7CE8000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 200704 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xF8432000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA9F50000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF82A0000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA82DF000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xF79F7000 C:\WINDOWS\system32\DRIVERS\odysseyIM4.sys 176128 bytes (Funk Software, Inc., Odyssey Network Driver (EAPOL Only))
0xAA589000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA98ED000 C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)
0xAA676000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xAA69E000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF7D3C000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF80F4000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF7D19000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xAA654000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 135168 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF83AC000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF83E4000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF8403000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xF7B27000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 106496 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xF8286000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xAA2DE000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xAA2C5000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF83CC000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA44D000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF836D000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7AD3000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF8384000 drvmcdb.sys 90112 bytes (Sonic Solutions, Device Driver)
0xAA2F7000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xA9E4B000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF80E0000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xF8118000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA765000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF835A000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF839A000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF8421000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7A22000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF86A1000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8551000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8521000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF84E1000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF8671000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF86F1000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8561000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9FFD000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF85F1000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF84F1000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF84C1000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8531000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8571000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF84A1000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF8601000 C:\WINDOWS\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)
0xF8591000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF86E1000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xF8661000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8541000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8491000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF8581000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xA9BAD000 C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)
0xAA03D000 C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)
0xAA5D4000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF8481000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF85D1000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF84D1000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF85C1000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8501000 AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)
0xF84B1000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xA88B8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF86D1000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF85A1000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8641000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA8BDD000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xAA5C4000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8621000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF87D9000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8871000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF87D1000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF8859000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF8701000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8799000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF87F1000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF87E9000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF87E1000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8851000 C:\WINDOWS\system32\drivers\npapimon.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF8831000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF87C9000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8861000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF8711000 avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)
0xF8869000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF8811000 C:\WINDOWS\system32\DRIVERS\omci.sys 20480 bytes (Dell Inc, OMCI Device Driver)
0xF8709000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8801000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8809000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF87F9000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF8779000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xAA2BD000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 16384 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF822D000 C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS 16384 bytes (Dell Inc, App Support Driver)
0xF8899000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xA9561000 C:\WINDOWS\system32\CBTNDIS5.SYS 16384 bytes (Printing Communications Assoc., Inc. (PCAUSA), PCAUSA NDIS 5.0 Protocol Driver)
0xF8945000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF8969000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAA335000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xAA439000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8891000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF8895000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAA7A0000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xA9751000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF8911000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xA9F38000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xA8860000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8955000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8921000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xAA2B5000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF8915000 C:\WINDOWS\system32\drivers\ssdiagn.sys 12288 bytes (Sonic Solutions, Shared Driver Component)
0xF8935000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF89C3000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8993000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF89C1000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8A29000 C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS 8192 bytes
0xF8985000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8981000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF89C7000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF89C9000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF89B3000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF89B9000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF89B5000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF89BB000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8983000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8B2E000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8AC3000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8A93000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8A49000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8B61000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8B66000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BABC, Type: Inline - RelativeJump 0x804E2ABC-->804E2AB9 [ntoskrnl.exe]
[132]ZCfgSvc.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[132]ZCfgSvc.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[132]ZCfgSvc.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0043F164-->00000000 [shimeng.dll]
[132]ZCfgSvc.exe-->shell32.dll-->advapi32.dll-->ControlService, Type: IAT modification 0x7C9C1060-->00000000 [acgenral.dll]
[132]ZCfgSvc.exe-->shell32.dll-->advapi32.dll-->OpenServiceW, Type: IAT modification 0x7C9C1068-->00000000 [acgenral.dll]
[132]ZCfgSvc.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[132]ZCfgSvc.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[1504]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x7E46531E-->00000000 [xul.dll]
[396]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[396]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[396]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[396]explorer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[396]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[396]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[396]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[396]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[5340]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x7C91632D-->00000000 [firefox.exe]
[5392]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[5392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[5392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[5392]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[5392]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[5392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[5392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[5392]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[5392]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[5392]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[5392]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[5392]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[5392]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[5392]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[5392]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[5392]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[5392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[5392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[5392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[5392]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[5392]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[5392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[5392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[5392]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[5392]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[5392]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[5392]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[5392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[5392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[5392]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[5392]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[5392]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]
[5756]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[5756]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DD1214-->00000000 [aclayers.dll]
[5756]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DD105C-->00000000 [aclayers.dll]
[5756]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DD11E0-->00000000 [aclayers.dll]
[5756]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[5756]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77F11084-->00000000 [aclayers.dll]
[5756]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77F11078-->00000000 [aclayers.dll]
[5756]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77F110B8-->00000000 [aclayers.dll]
[5756]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->00000000 [shimeng.dll]
[5756]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->00000000 [aclayers.dll]
[5756]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->00000000 [aclayers.dll]
[5756]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->00000000 [aclayers.dll]
[5756]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A51178-->00000000 [shimeng.dll]
[5756]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A51184-->00000000 [aclayers.dll]
[5756]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x71A511A0-->00000000 [aclayers.dll]
[5756]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[5756]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7C9C13E8-->00000000 [aclayers.dll]
[5756]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7C9C163C-->00000000 [aclayers.dll]
[5756]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7C9C161C-->00000000 [aclayers.dll]
[5756]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7C9C15A0-->00000000 [aclayers.dll]
[5756]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E42B3C6-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E42D0A3-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E456D7D-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E432072-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E43B144-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E4247AB-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[5756]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E4112F4-->00000000 [aclayers.dll]
[5756]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E411208-->00000000 [aclayers.dll]
[5756]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E411340-->00000000 [aclayers.dll]
[5756]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E45085C-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E450838-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E43A082-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E4664D5-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E42820F-->00000000 [ieframe.dll]
[5756]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E42D5F3-->00000000 [ieframe.dll]
[5756]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D9314B0-->00000000 [shimeng.dll]
[5756]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x3D9314B4-->00000000 [aclayers.dll]
[5756]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x3D931450-->00000000 [aclayers.dll]
[5756]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x3D931350-->00000000 [aclayers.dll]
[5756]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]
[5756]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71AB10A8-->00000000 [aclayers.dll]



MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000002c

Kernel Drivers (total 156):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EF000 \WINDOWS\system32\hal.dll
0xF8981000 \WINDOWS\system32\KDCOM.DLL
0xF8891000 \WINDOWS\system32\BOOTVID.dll
0xF8432000 ACPI.sys
0xF8983000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF8421000 pci.sys
0xF8481000 isapnp.sys
0xF8895000 compbatt.sys
0xF8899000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF8A49000 pciide.sys
0xF8701000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8985000 intelide.sys
0xF8403000 pcmcia.sys
0xF8491000 MountMgr.sys
0xF83E4000 ftdisk.sys
0xF8709000 PartMgr.sys
0xF84A1000 VolSnap.sys
0xF83CC000 atapi.sys
0xF84B1000 disk.sys
0xF84C1000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF83AC000 fltmgr.sys
0xF839A000 sr.sys
0xF8384000 drvmcdb.sys
0xF84D1000 PxHelp20.sys
0xF836D000 KSecDD.sys
0xF835A000 WudfPf.sys
0xF82CD000 Ntfs.sys
0xF82A0000 NDIS.sys
0xF84E1000 ohci1394.sys
0xF84F1000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF8286000 Mup.sys
0xF8711000 avgrkx86.sys
0xF8501000 AVGIDSEH.Sys
0xF8521000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xF8551000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF895D000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7C15000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
0xF7C01000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF87D1000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF7BB0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF87D9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF8561000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0xF7B9C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xF788C000 \SystemRoot\system32\DRIVERS\w29n51.sys
0xF7849000 \SystemRoot\system32\drivers\STAC97.sys
0xF7825000 \SystemRoot\system32\drivers\portcls.sys
0xF8571000 \SystemRoot\system32\drivers\drmk.sys
0xF7802000 \SystemRoot\system32\drivers\ks.sys
0xF77D1000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF762A000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF87E1000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8581000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7610000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0xF87E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF87F1000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF8591000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF89B5000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF85A1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF85B1000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF87F9000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF75D3000 \SystemRoot\system32\DRIVERS\iwca.sys
0xF8B85000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF85C1000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF8969000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF75BC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF85D1000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF85E1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF8801000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF75AB000 \SystemRoot\system32\DRIVERS\psched.sys
0xF85F1000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF8811000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF8819000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF7580000 \SystemRoot\system32\DRIVERS\odysseyIM4.sys
0xF8601000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF89B9000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF7522000 \SystemRoot\system32\DRIVERS\update.sys
0xF897D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF8821000 \SystemRoot\system32\DRIVERS\omci.sys
0xF8611000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7DA6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF89BD000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7DDA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7D76000 \SystemRoot\system32\DRIVERS\avgmfx86.sys
0xF89CD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8AF0000 \SystemRoot\System32\Drivers\Null.SYS
0xF89CF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8849000 \SystemRoot\system32\drivers\ssrtln.sys
0xF7DD6000 \SystemRoot\system32\drivers\ssdiagn.sys
0xF8859000 \SystemRoot\system32\drivers\npapimon.sys
0xF8861000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8869000 \SystemRoot\System32\drivers\vga.sys
0xF89D1000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF89D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8871000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8879000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7DCE000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA765000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA70C000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA6C4000 \SystemRoot\system32\DRIVERS\avgtdix.sys
0xAA69C000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF892D000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAA67A000 \SystemRoot\System32\drivers\afd.sys
0xF7D66000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAA64F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAA5B7000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF7D46000 \SystemRoot\System32\Drivers\Fips.SYS
0xAA591000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF7D36000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7D26000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xAA4B5000 \SystemRoot\system32\DRIVERS\avgldx86.sys
0xAA7B4000 \SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS
0xF8651000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xAA44D000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8995000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8915000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8741000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8ABA000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF020000 \SystemRoot\System32\ialmdnt5.dll
0xBF012000 \SystemRoot\System32\ialmrnt5.dll
0xBF041000 \SystemRoot\System32\ialmdev5.DLL
0xBF075000 \SystemRoot\System32\ialmdd5.DLL
0xAA531000 \SystemRoot\system32\drivers\drvnddm.sys
0xF8AF4000 \SystemRoot\system32\dla\tfsndres.sys
0xAA2F7000 \SystemRoot\system32\dla\tfsnifs.sys
0xAA43D000 \SystemRoot\system32\dla\tfsnopio.sys
0xF89AB000 \SystemRoot\system32\dla\tfsnpool.sys
0xF8759000 \SystemRoot\system32\dla\tfsnboio.sys
0xAA521000 \SystemRoot\system32\dla\tfsncofs.sys
0xF8ACB000 \SystemRoot\system32\dla\tfsndrct.sys
0xAA2DE000 \SystemRoot\system32\dla\tfsnudf.sys
0xAA2C5000 \SystemRoot\system32\dla\tfsnudfa.sys
0xAA31D000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xAA315000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xAA1F1000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9EB0000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9E73000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9FF5000 \SystemRoot\system32\drivers\sysaudio.sys
0xA9C55000 \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys
0xA97ED000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA966D000 \SystemRoot\system32\DRIVERS\srv.sys
0xAA0F5000 \SystemRoot\system32\DRIVERS\AVGIDSFilter.Sys
0xA94DD000 \SystemRoot\system32\DRIVERS\AVGIDSDriver.Sys
0xBF157000 \SystemRoot\System32\ATMFD.DLL
0xA9154000 \SystemRoot\System32\Drivers\HTTP.sys
0xA93C9000 \??\C:\WINDOWS\system32\CBTNDIS5.SYS
0xF8A29000 \SystemRoot\System32\Drivers\hiber_WMILIB.SYS
0xA96E5000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xA91A5000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xA8BF5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF8809000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xA86E0000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 66):
0 System Idle Process
4 System
1640 C:\WINDOWS\system32\smss.exe
916 csrss.exe
948 C:\WINDOWS\system32\winlogon.exe
1020 C:\WINDOWS\system32\services.exe
1032 C:\WINDOWS\system32\lsass.exe
1252 C:\WINDOWS\system32\svchost.exe
2024 svchost.exe
180 C:\WINDOWS\system32\svchost.exe
236 C:\WINDOWS\system32\svchost.exe
400 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
460 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
520 C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
988 svchost.exe
1684 svchost.exe
1664 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
368 C:\WINDOWS\explorer.exe
1300 C:\WINDOWS\system32\spoolsv.exe
1412 C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
1748 svchost.exe
624 C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
800 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1216 C:\Program Files\Apoint\Apoint.exe
1808 C:\WINDOWS\system32\hkcmd.exe
1796 C:\WINDOWS\system32\igfxpers.exe
592 C:\WINDOWS\system32\igfxsrvc.exe
1348 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
264 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
608 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
600 C:\WINDOWS\LOGI_MWX.EXE
848 C:\WINDOWS\system32\dla\tfswctrl.exe
584 C:\Program Files\AVG\AVG10\avgwdsvc.exe
968 C:\Program Files\Apoint\ApntEx.exe
1868 C:\Program Files\Dell\QuickSet\quickset.exe
856 C:\Program Files\Bonjour\mDNSResponder.exe
1852 C:\Program Files\Common Files\Java\Java Update\jusched.exe
816 C:\Program Files\AVG\AVG10\avgtray.exe
780 C:\WINDOWS\system32\gearsec.exe
2820 C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
2960 C:\Program Files\iTunes\iTunesHelper.exe
3156 C:\WINDOWS\system32\ctfmon.exe
3564 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
3716 C:\Program Files\Java\jre6\bin\jqs.exe
3240 C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
1932 C:\Program Files\Digital Line Detect\DLG.exe
872 C:\Program Files\Dell\NicConfigSvc\NicConfigSvc.exe
4008 C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
1448 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
3180 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
3580 C:\WINDOWS\system32\svchost.exe
3848 C:\Program Files\AVG\AVG10\avgnsx.exe
920 C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
720 C:\Program Files\AVG\AVG10\avgchsvx.exe
3520 C:\Program Files\iPod\bin\iPodService.exe
2628 C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1824 wmiprvse.exe
4064 alg.exe
5896 C:\PROGRA~1\AVG\AVG10\avgrsx.exe
1148 C:\Program Files\AVG\AVG10\avgcsrvx.exe
4580 C:\Program Files\Mozilla Firefox\firefox.exe
4820 C:\Program Files\Mozilla Firefox\plugin-container.exe
4648 C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
4936 C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
4700 C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
3208 C:\Documents and Settings\Cathal Donnellan\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`065f9a00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS541060G9AT00, Rev: MB3OA61A
PhysicalDrive1 Model Number: WDExt HDD 1021, Rev: 2002

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 79BCE648F143823706869D592F56B05B3E4D6E83
1863 GB \\.\PhysicalDrive1 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!




ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8647416fd4530843a70c11326509c8c2
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-14 09:43:55
# local_time=2011-02-14 09:43:55 (+0000, GMT Standard Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 595900 595900 0 0
# compatibility_mode=1032 16777173 100 96 10131 41006353 0 0
# compatibility_mode=8192 67108863 100 0 3984 3984 0 0
# scanned=6273
# found=16
# cleaned=0
# scan_time=3878
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\0\4d5f6200-74d6d670 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\14\34524d4e-3101f204 probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\16\d1c5590-471576ba probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-12c8bd79 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\24\42f2dad8-6d6b6691 probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-106c8b8e probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\28\20d825dc-4e4cd0da probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\30\3a25b1e-471fd3bd probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\34\3b1e4862-4d0f1b20 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\4\122990c4-4c152191 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-38b4e824 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\43\3647d36b-4f6ce860 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\45\257a302d-61ba3915 probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\60\240bc57c-5adb64b9 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\61\7ae6b8bd-29a870ff probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2c9473bf probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=8647416fd4530843a70c11326509c8c2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-02-15 03:08:15
# local_time=2011-02-15 03:08:15 (+0000, GMT Standard Time)
# country="Ireland"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 607955 607955 0 0
# compatibility_mode=1032 16777189 100 96 22186 41018408 0 0
# compatibility_mode=8192 67108863 100 0 16039 16039 0 0
# scanned=126899
# found=20
# cleaned=0
# scan_time=11278
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\0\4d5f6200-74d6d670 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\14\34524d4e-3101f204 probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\16\d1c5590-471576ba probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\22\76b61fd6-12c8bd79 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\24\42f2dad8-6d6b6691 probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\26\56bf0f5a-106c8b8e probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\28\20d825dc-4e4cd0da probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\30\3a25b1e-471fd3bd probably a variant of Win32/Agent.FXHNPDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\34\3b1e4862-4d0f1b20 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\4\122990c4-4c152191 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\41\1763d7e9-38b4e824 probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\43\3647d36b-4f6ce860 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\45\257a302d-61ba3915 probably a variant of Win32/Agent.RPSVWU trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\60\240bc57c-5adb64b9 probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\61\7ae6b8bd-29a870ff probably a variant of Win32/Agent.CDGQEWH trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Cathal Donnellan\Application Data\Sun\Java\Deployment\cache\6.0\63\4052083f-2c9473bf probably a variant of Win32/Agent.ZVRMM trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Toolbar.MyWebSearch application 00000000000000000000000000000000 I



i am buying some extra RAM and have a friend who will help me withh that, but wont be for another week or so
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 15th, 2011, 7:57 am

Hi chuky_r_law,

TFC

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.

Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

MBRBackup
Download MBRBackup to your Desktop.
http://www.misec.net/products/MBRBackup.exe
Doubleclick MBRBackup.exe to launch the program. If prompted by your computer allow it to run.
Click SaveMBR (top left corner) and save the backup file to your Desktop.
Exit the program.
It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.


Analyze file(s).
Please visit Virustotal.

Click on browse > navigate to the MBR_2010-xx-xx.bin backup file > Click Open:

  • Press Send File - this will submit the file for testing.
  • Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
Image

Next
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Ant.com Toolbar
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :otl
    O2 - BHO: (TBSB00982 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Ant.com Toolbar) - {6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKU\S-1-5-21-2601829358-2614481801-65410280-1006..\Run: [] File not found
    O9 - Extra Button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - File not found
    O9 - Extra 'Tools' menuitem : Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - File not found
    O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - File not found
    O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby chuky_r_law » February 15th, 2011, 10:59 am

i havve made a bit of a mess of saving the text documents this time. this is the only thing i managed to save. sorry.

http://www.virustotal.com/file-scan/rep ... 1297776581

however, i did run everything and laptop seems to be in good working order again. there is a slight glitch with vlc, but that could be the RAM issue you pointed out. i am getting that sorted soon so i will kepp you posted on how that goes. is there anything else for me to do?

btw, thanks so much for the assist. i really appreciate all you have done for me
chuky_r_law
Regular Member
 
Posts: 26
Joined: June 16th, 2005, 2:18 am

Re: VLC freezing. Firefox and IE slow

Unread postby deltalima » February 15th, 2011, 2:54 pm

Hi chuky_r_law,

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Remove GMER

Delete the GMER icon from your desktop.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Remove all used tools

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: VLC freezing. Firefox and IE slow

Unread postby Cypher » February 16th, 2011, 5:51 am

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: pgmigg and 47 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware