computer randomly freezing


  • This topic is locked
73 replies to this topic

#1 AlphaBoz

Posted 27 October 2009 - 04:22 PM

Link from "Am I Infected" Forum.

http://www.bleepingcomputer.com/forums/top...ml#entry1474483



DDS (Ver_09-10-26.01) - NTFSx86
Run by Administratorat 16:18:28.57 on Tue 10/27/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.139 [GMT -4:00]

AV: avast! antivirus 4.8.1351 [VPS 091027-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.1\waol.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://msn.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: UberButton Class: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: YahooTaggedBM Class: {65d886a2-7ca7-479b-bb95-14d1efb7946a} - c:\program files\yahoo!\common\YIeTagBm.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AOLCC] ; "c:\program files\aol computer check-up\ACCAgnt.exe" /startup
uRun: [LogitechSoftwareUpdate] ; "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Yahoo! Pager] ; c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HostManager] ; c:\program files\common files\aol\1127608286\ee\AOLSoftware.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] ; c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] ; %systemroot%\system32\dumprep 0 -k
mRun: [LogitechVideoRepair] ; c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] ; c:\program files\logitech\video\LogiTray.exe
mRun: [LVCOMSX] ; c:\windows\system32\LVCOMSX.EXE
mRun: [WinPatrol] ; c:\progra~1\billps~1\winpat~1\winpatrol.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/Dcode/ActiveX/MSDcode.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-8-12 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-8-12 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-13 206096]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2007-4-25 192896]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================

2009-10-26 20:15:58 0 d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-26 20:13:24 2576 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-26 20:04:01 0 d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-26 19:53:34 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 19:53:28 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 19:53:21 0 d-----w- c:\windows\ie8updates
2009-10-26 19:52:26 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 19:48:23 0 dc-h--w- c:\windows\ie8
2009-10-21 13:28:26 0 d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-10-19 16:35:21 0 d-----w- c:\docume~1\Administrator~1\applic~1\Malwarebytes
2009-10-19 16:35:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 16:35:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 15:38:04 1264960 ----a-w- C:\mbam-setup.exe
2009-10-19 14:34:21 629800 ----a-w- c:\program files\mbam-setup.exe
2009-10-17 15:56:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-10-17 15:56:20 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 15:56:20 0 d-----w- c:\docume~1\Administrator~1\applic~1\SUPERAntiSpyware.com
2009-10-17 15:54:15 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-17 10:50:11 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-17 10:50:11 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-17 10:50:11 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-17 10:50:11 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-17 10:50:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-17 10:50:09 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-16 21:02:41 0 d-----w- c:\windows\ServicePackFiles
2009-10-16 02:02:10 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 19:54:55 175104 ----a-w- c:\windows\system32\dllcache\OLD8A1.tmp
2009-10-15 19:54:50 42112 ----a-w- c:\windows\system32\dllcache\OLD89D.tmp
2009-10-15 19:54:45 216064 ----a-w- c:\windows\system32\dllcache\OLD899.tmp
2009-10-15 19:54:43 60970 ----a-w- c:\windows\system32\dllcache\OLD892.tmp
2009-10-15 19:54:43 18944 ----a-w- c:\windows\system32\dllcache\OLD895.tmp
2009-10-15 19:54:41 21533 ----a-w- c:\windows\system32\dllcache\OLD88E.tmp
2009-10-15 19:54:40 14976 ----a-w- c:\windows\system32\dllcache\OLD88A.tmp
2009-10-15 19:54:38 57399 ----a-w- c:\windows\system32\dllcache\OLD886.tmp
2009-10-15 19:52:45 11008 ----a-w- c:\windows\system32\dllcache\OLD714.tmp
2009-10-15 19:52:44 9728 ----a-w- c:\windows\system32\dllcache\OLD70C.tmp
2009-10-15 19:52:44 60416 ----a-w- c:\windows\system32\dllcache\OLD710.tmp
2009-10-15 19:52:43 5120 ----a-w- c:\windows\system32\dllcache\OLD708.tmp
2009-10-15 19:52:41 39552 ----a-w- c:\windows\system32\dllcache\OLD704.tmp
2009-10-15 19:52:36 3168 ----a-w- c:\windows\system32\dllcache\OLD700.tmp
2009-10-15 18:28:49 0 d-----w- c:\windows\EHome
2009-10-15 15:04:10 0 d-----w- c:\program files\Cobian Backup 8
2009-10-13 19:21:04 0 d-----w- c:\windows\system32\wbem\Repository
2009-10-10 02:04:16 0 d-----w- c:\program files\Smartparts
2009-10-07 08:41:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-07 08:41:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 14:12:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2009-10-04 14:11:59 0 d-----w- c:\program files\Cradle of Rome
2009-10-01 22:58:34 2024111 ----a-w- C:\Contacts.zip

==================== Find3M ====================

2009-10-27 20:00:57 37258 ----a-w- c:\docume~1\Administrator~1\applic~1\wklnhst.dat
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:33:52 133632 ------w- c:\windows\system32\dllcache\msv1_0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\dllcache\msasn1.dll
2009-08-29 08:08:21 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 08:08:21 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2009-08-29 08:08:21 1208832 ------w- c:\windows\system32\dllcache\urlmon.dll
2009-08-29 08:08:20 5940224 ------w- c:\windows\system32\dllcache\mshtml.dll
2009-08-29 08:08:20 206848 ------w- c:\windows\system32\dllcache\occache.dll
2009-08-29 08:08:18 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-08-29 08:08:18 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-08-29 08:08:18 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2009-08-29 08:08:18 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-08-29 08:08:17 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2009-08-29 08:08:16 11069440 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-08-29 08:08:13 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2009-08-28 10:35:52 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\dllcache\strmdll.dll
2009-08-06 23:24:18 327896 ----a-w- c:\windows\system32\dllcache\wucltui.dll
2009-08-06 23:24:18 209632 ----a-w- c:\windows\system32\dllcache\wuweb.dll
2009-08-06 23:24:10 35552 ----a-w- c:\windows\system32\dllcache\wups.dll
2009-08-06 23:24:06 53472 ----a-w- c:\windows\system32\dllcache\wuauclt.exe
2009-08-06 23:24:04 96480 ----a-w- c:\windows\system32\dllcache\cdm.dll
2009-08-06 23:23:54 575704 ----a-w- c:\windows\system32\dllcache\wuapi.dll
2009-08-06 23:23:46 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23:46 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23:46 1929952 ----a-w- c:\windows\system32\dllcache\wuaueng.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 09:11:47 204800 ----a-w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-04 14:00:46 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:00:46 2180352 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-08-04 13:58:28 2136064 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-08-04 13:13:35 2015744 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-08-04 13:13:32 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 13:13:32 2057728 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe

============= FINISH: 16:19:09.70 ===============

#2 Elise

Posted 28 October 2009 - 01:46 AM

Hello AlphaBoz,

And welcome to the Bleeping Computer Malware Removal Forum. My name is Elise. I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
Please be patient and I'd be grateful if you would note the following:
  • The cleaning process is not instant. DDS logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

Please give me some time to review your logs and take the steps necessary with you to get your machine back in working order clean and free of malware.

Thanks and again sorry for the delay.


GMER
-------
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

In your next reply, please include the following:
  • GMER log

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 AlphaBoz

Posted 28 October 2009 - 12:42 PM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-28 13:13:41
Windows 5.1.2600 Service Pack 2
Running: 6d6fc9zy.exe; Driver: C:\DOCUME~1\ADMINISTRATOR~1\LOCALS~1\Temp\uxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xEEBCE6B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xEEBCE574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xEEBCEA52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xEEBCE14C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xEEBCE64E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xEEBCE08C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xEEBCE0F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xEEBCE76E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xEEBCE72E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xEEBCE8AE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2430 80501320 4 Bytes JMP D610EEBC
.text ntkrnlpa.exe!ZwCallbackReturn + 2708 805015F8 4 Bytes CALL 85C304B9

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[484] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe[512] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[772] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AOL 9.1\waol.exe[2036] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#4 Elise


Posted 28 October 2009 - 01:33 PM

Hello AlphaBoz,

I see a few weird entries in your log, but nothing I can track back to a real problem. Let's see what combofix finds.

COMBOFIX
---------------
Please download ComboFix from one of these locations: Bleepingcomputer, ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 AlphaBoz


Posted 28 October 2009 - 06:46 PM

I'm in the process of downloading Combofix right now. While I was downloading, I got an error message stating:

AOL software has encountered a problem and needs to close. We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.

While using the mousepad on the laptop to go over and close, it accidentally registered the click on debug. I closed it out..got bumped offline yet the combofix continued to download. I'm not sure if there is going to be a glitch in it, or not. I don't know if I should try to run it, or delete it and start over, or just download it and copy over the same file. oooo I'm so sorry.

#6 Elise


Posted 29 October 2009 - 01:49 AM

Don't panic :( Before running, Combofix verifies the content of the package, so if there is a problem with it, you will be notified.

regards, Elise


#7 AlphaBoz


Posted 29 October 2009 - 03:15 AM

ComboFix 09-10-27.08 - Administrator 10/29/2009 3:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.230 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1351 [VPS 091028-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1576362823-3518571650-1137313449-1003
c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-2251041230-3104408477-792868946-500
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-26 20:16 . 2009-10-26 20:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-26 20:15 . 2009-10-26 20:15 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-26 20:04 . 2009-10-26 20:04 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-26 19:53 . 2009-08-29 08:08 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-10-26 19:53 . 2009-08-29 08:08 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-26 19:53 . 2009-10-26 19:54 -------- d-----w- c:\windows\ie8updates
2009-10-26 19:52 . 2009-08-07 08:48 100352 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-10-26 19:48 . 2009-10-26 19:52 -------- dc-h--w- c:\windows\ie8
2009-10-21 13:28 . 2009-10-21 13:28 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-10-19 16:35 . 2009-10-19 16:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-10-19 16:35 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-19 16:35 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-19 15:38 . 2009-10-19 15:38 1264960 ----a-w- C:\mbam-setup.exe
2009-10-19 14:34 . 2009-10-19 14:34 629800 ----a-w- c:\program files\mbam-setup.exe
2009-10-17 15:56 . 2009-10-17 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-10-17 15:56 . 2009-10-17 15:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-17 15:56 . 2009-10-17 15:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-10-17 15:54 . 2009-10-17 15:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-17 10:50 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-10-17 10:50 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-10-17 10:50 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-10-17 10:50 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-10-17 10:50 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-10-17 10:50 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-10-16 21:02 . 2009-10-16 21:02 -------- d-----w- c:\windows\ServicePackFiles
2009-10-16 02:02 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-10-15 18:28 . 2009-10-15 18:28 -------- d-----w- c:\windows\EHome
2009-10-15 15:04 . 2009-10-15 15:07 -------- d-----w- c:\program files\Cobian Backup 8
2009-10-13 19:21 . 2009-10-13 19:21 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-10 02:04 . 2009-10-10 02:04 -------- d-----w- c:\program files\Smartparts
2009-10-07 08:41 . 2009-10-07 08:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-07 08:41 . 2009-10-19 16:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-04 14:12 . 2009-10-04 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-10-04 14:11 . 2009-10-05 05:12 -------- d-----w- c:\program files\Cradle of Rome
2009-10-01 22:58 . 2009-10-01 22:58 2024111 ----a-w- C:\Contacts.zip

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-29 00:40 . 2008-05-17 16:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-28 23:17 . 2005-09-16 18:25 37598 ----a-w- c:\documents and settings\Administrator\Application Data\wklnhst.dat
2009-10-26 20:13 . 2009-10-26 20:13 2576 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-10-26 19:15 . 2008-07-31 03:22 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-10-13 19:19 . 2005-11-06 06:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 12:20 . 2005-11-06 06:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-01 20:37 . 2007-04-25 13:25 -------- d-----w- c:\program files\CCleaner
2009-09-11 14:33 . 2004-08-04 08:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:16 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 16:10 . 2009-08-12 16:30 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2009-08-12 16:32 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2009-08-12 16:32 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2009-08-12 16:32 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2009-08-12 16:32 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2009-08-12 16:32 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2009-08-12 16:32 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2009-08-12 16:32 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2009-08-12 16:32 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-06 23:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2005-07-08 11:33 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2004-08-04 08:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2005-11-10 02:19 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2005-05-26 09:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 23:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 14:00 . 2004-08-04 08:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 13:13 . 2004-08-04 08:00 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-11 68856]
"AOLCC"="c:\program files\AOL Computer Check-Up\ACCAgnt.exe" [2005-02-09 326232]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-08-19 3084288]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2007-10-31 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"HostManager"="c:\program files\Common Files\AOL\1127608286\ee\AOLSoftware.exe" [2008-06-24 41824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-02-05 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-10-05 222784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 8.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 8.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VersionTrackerPro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\VersionTrackerPro.lnk
backup=c:\windows\pss\VersionTrackerPro.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127608286\\ee\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL\\RC\\regclient.exe"=
"c:\\Program Files\\Common Files\\AOL\\1127608286\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [8/12/2009 12:32 PM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 9:24 PM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8/12/2009 12:32 PM 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/13/2008 1:40 AM 206096]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [4/25/2007 8:50 AM 192896]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-28 c:\windows\Tasks\ashQuick Avast schedule.job
- c:\program files\Alwil Software\Avast4\ashQuick.exe [2009-08-12 16:02]

2009-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-18 09:33]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://msn.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
TCP: {9A9684FD-7163-4DE9-B488-5FDBBAF44619} = 205.188.146.145
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 03:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????4?0?8?4??@???? ?,?B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2251041230-3104408477-792868946-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-10-29 3:43
ComboFix-quarantined-files.txt 2009-10-29 07:43

Pre-Run: 27,570,524,160 bytes free
Post-Run: 27,609,538,560 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - CFD6340C3A90B087731242D742E90FE7

#8 Elise


Posted 29 October 2009 - 06:01 AM

Do you still have SREng (we used it in the Am I Infected forum)? If so, open it and click on the System Repair tab.

Look on the File Associations tab. You will see a list of extensions there. Check whether all extensions have the status Normal.
If there are associations that have another status, please list them here.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#9 AlphaBoz


Posted 29 October 2009 - 12:38 PM

I have the
Sreng2.zip - WinRar (Evaluation copy)
When I open it up, that is the title and my options are

Add, Extract to, test, view, delete, find, wizard, info, VirusScan, Comments, SFX

I can't find a system restore tab, nor is there a system restore under
File, Commands, Tools, Favorites, Options, Help

What do I do with it, to get it to the right place?

I just saw, there is a place for me to click on the SREnLdr.EXE to run the application again. If I run that, will the right tab come up?

Edited by AlphaBoz, 29 October 2009 - 12:40 PM.


#10 Elise


Posted 29 October 2009 - 01:13 PM

I just saw, there is a place for me to click on the SREnLdr.EXE to run the application again. If I run that, will the right tab come up?

Yes, this should open the application.

regards, Elise




#11 AlphaBoz


Posted 29 October 2009 - 01:42 PM

Checked box, Error, .CHM Handle the .CHM open method "%SYSTEMROOT%\hh.exe"%1

A box opened up saying
System Repair Engineer

[Aug.26, 2009] System Repair
Engineer (SREng) 2.81 final
(2.8.1.1279) is available now. You
Can download it from
http://www.kztech.com

OK

KZTech.com < AlphaBoz note: that's a link

#12 Elise


Posted 29 October 2009 - 01:49 PM

Right-click on the sreng2.zip and select Extract here. The extracted folder will be created in the same location as sreng2.zip.

Now open that new folder and double-click on sreng2.exe. If you get a security warning, allow it to run.

Look on the File Associations tab. You will see a list of extensions there. Check whether all extensions have the status Normal.
If there are associations that have another status, please list them here.

regards, Elise




#13 AlphaBoz


Posted 29 October 2009 - 03:10 PM

The results are the same as post # 11. We must have been posting our responses about the same time and it got missed.

#14 Elise


Posted 29 October 2009 - 03:12 PM

Do you still have SREng (we used it in the Am I Infected forum)? If so, open it and click on the System Repair tab.

Sorry, that has to be the system repair button. Do you have that there?

regards, Elise




#15 AlphaBoz


Posted 29 October 2009 - 04:30 PM

Those were the results when I clicked on system repair. The file association tab said everything was normal except:

.CHM Handle the .CHM open method "%SYSTEMROOT%\hh.exe"%1

I repeated this for post # 13, with the same results.

This time, when I clicked on SREngLdr it gave me an error message and did a scan.

2009-10-29,17:13:19

System Repair Engineer 2.8.1.1279 Emergency Scan Mode
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check



Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

	<swg><"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe">  [(Verified)Google Inc]

	<AOLCC><; "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup>  [(Verified)"Americ]

	<LogitechSoftwareUpdate><; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot>  [File is missing]

	<Yahoo! Pager><; C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet>  []

	<AOL Fast Start><"C:\Program Files\AOL 9.1\AOL.EXE" -b>  [(Verified)AOL LLC]

	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe>  [ATI Technologies, Inc.]

	<SynTPLpr><C:\Program Files\Synaptics\SynTP\SynTPLpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start>  [Hewlett-Packard ]

	<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe>  []

	<HostManager><; C:\Program Files\Common Files\AOL\1127608286\ee\AOLSoftware.exe>  [(Verified)AOL LLC]

	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]

	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]

	<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]

	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]

	<HP Software Update><; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe>  [Hewlett-Packard Co.]

	<LogitechVideoRepair><; C:\Program Files\Logitech\Video\ISStart.exe >  [Logitech Inc.]

	<LogitechVideoTray><; C:\Program Files\Logitech\Video\LogiTray.exe>  [Logitech Inc.]

	<LVCOMSX><; C:\WINDOWS\system32\LVCOMSX.EXE>  [Logitech Inc.]

	<WinPatrol><; C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe>  [(Verified)BillP Studios]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}><C:\Program Files\SUPERAntiSpyware\SASSEH.DLL>  [SuperAdBlocker.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WebCheck><%Systemroot%\system32\webcheck.dll>  [(Verified)Microsoft Windows]

	<SysTray><%systemroot%\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

	<WinlogonNotify: !SASWinLogon><C:\Program Files\SUPERAntiSpyware\SASWINLO.dll>  [SUPERAntiSpyware.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]

	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

	<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]



==================================
Startup Folders
N/A

==================================
Services
[AOL Connectivity Service / AOL ACS][Running/Auto Start]

  <"C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"><AOL LLC>

[Application Management / AppMgmt][Stopped/Manual Start]

  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>

[ASP.NET State Service / aspnet_state][Stopped/Manual Start]

  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>

[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>

[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]

  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>

[avast! Antivirus / avast! Antivirus][Running/Auto Start]

  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>

[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>

[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]

  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

[Google Software Updater / gusvc][Stopped/Auto Start]

  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>

[Human Interface Device Access / HidServ][Stopped/Disabled]

  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>

[HP WMI Interface / hpqwmi][Stopped/Manual Start]

  <C:\Program Files\HPQ\Shared\hpqwmi.exe><Hewlett-Packard Development Company, L.P.>

[iPod Service / iPodService][Stopped/Manual Start]

  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>

[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]

  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>

[McAfee SiteAdvisor Service / McAfee SiteAdvisor Service][Running/Auto Start]

  <"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"><>

[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]

  <C:\WINDOWS\system32\HPZipm12.exe><HP>

[Remote Access Connection Manager / RasMan][Running/Manual Start]

  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>

[WAN Miniport (ATW) Service / WANMiniportService][Running/Auto Start]

  <"C:\WINDOWS\wanmpsvc.exe"><America Online, Inc.>



==================================
Drivers
[AliIde / AliIde][Running/Boot Start]

  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>

[AMD Processor Driver / AmdK8][Running/System Start]

  <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>

[aswFsBlk / aswFsBlk][Running/Auto Start]

  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>

[ati2mtag / ati2mtag][Running/Manual Start]

  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>

[Broadcom 802.11 Network Adapter Driver / BCM43XX][Running/Manual Start]

  <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>

[Conexant AMC Audio / CAMCAUD][Running/Manual Start]

  <system32\drivers\camc6aud.sys><Conexant Systems Inc.>

[CAMCHALA / CAMCHALA][Running/Manual Start]

  <system32\drivers\camc6hal.sys><Conexant Systems Inc.>

[catchme / catchme][Stopped/Manual Start]

  <\??\C:\DOCUME~1\Administrator~1\LOCALS~1\Temp\catchme.sys><N/A>

[eabfiltr / eabfiltr][Running/System Start]

  <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Company>

[eabusb / eabusb][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Company>

[GEAR CDRom Filter / GEARAspiWDM][Running/Manual Start]

  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>

[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]

  <system32\DRIVERS\HPZid412.sys><HP>

[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]

  <system32\DRIVERS\HPZipr12.sys><HP>

[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]

  <system32\DRIVERS\HPZius12.sys><HP>

[HSFHWATI / HSFHWATI][Running/Manual Start]

  <system32\DRIVERS\HSFHWATI.sys><Conexant Systems, Inc.>

[HSF_DP / HSF_DP][Running/Manual Start]

  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>

[Logitech USB Monitor Filter / LVUSBSta][Stopped/Manual Start]

  <system32\drivers\lvusbsta.sys><Logitech Inc.>

[mdmxsdk / mdmxsdk][Running/Auto Start]

  <system32\DRIVERS\mdmxsdk.sys><Conexant>

[Maxtor OneTouch Security Driver / MXOPSWD][Stopped/Manual Start]

  <system32\DRIVERS\mxopswd.sys><Maxtor Corp.>

[Volume Adapter / pepifilter][Stopped/Manual Start]

  <system32\DRIVERS\lv302af.sys><Logitech Inc.>

[QuickCam IM(PID_08A0) / PID_08A0][Stopped/Manual Start]

  <system32\DRIVERS\LV302AV.SYS><Logitech Inc.>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>

[Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]

  <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>

[SASDIFSV / SASDIFSV][Running/System Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[SASENUM / SASENUM][Stopped/Manual Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[SASKUTIL / SASKUTIL][Running/System Start]

  <\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys><SUPERAdBlocker.com and SUPERAntiSpyware.com>

[Secdrv / Secdrv][Stopped/Manual Start]

  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]

  <system32\DRIVERS\smcirda.sys><SMC>

[Synaptics TouchPad Driver / SynTP][Running/Manual Start]

  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>

[tifm21 / tifm21][Running/Manual Start]

  <system32\drivers\tifm21.sys><Texas Instruments>

[tmcomm / tmcomm][Running/Auto Start]

  <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>

[WAN Miniport (ATW) / wanatw][Running/Manual Start]

  <system32\DRIVERS\wanatw4.sys><America Online, Inc.>

[winachsf / winachsf][Running/Manual Start]

  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>



==================================
Browser Add-ons
[Yahoo! Toolbar Helper]

  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, (Signed) Yahoo! Inc.>

[Adobe PDF Link Helper]

  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>

[Spybot-S&D IE Protection]

  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>

[UberButton Class]

  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, (Signed) Yahoo!>

[YahooTaggedBM Class]

  {65D886A2-7CA7-479B-BB95-14D1EFB7946A} <C:\Program Files\Yahoo!\Common\YIeTagBm.dll, (Signed) Yahoo! Inc.>

[AOL Toolbar Launcher]

  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll, (Signed) AOL LLC>

[Google Toolbar Helper]

  {AA58ED58-01DD-4d91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>

[Google Toolbar Notifier BHO]

  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>

[McAfee SiteAdvisor BHO]

  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >

[Google Dictionary Compression sdch]

  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>

[Java(tm) Plug-In 2 SSV Helper]

  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>

[JQSIEStartDetectorImpl Class]

  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>

[AOL Toolbar]

  {3369AF0D-62E9-4bda-8103-B4C75499B578} <C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll, (Signed) AOL LLC>

[UberButton Class]

  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, (Signed) Yahoo!>

[&Research]

  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>

[Real.com]

  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, (Signed) Microsoft Corporation>

[Spybot-S&D IE Protection]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>

[Yahoo! Toolbar]

  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, (Signed) Yahoo! Inc.>

[AOL Toolbar]

  {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll, (Signed) AOL LLC>

[McAfee SiteAdvisor Toolbar]

  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >

[Google Toolbar]

  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>

[Microsoft Data Collection Control]

  {0742B9EF-8C83-41CA-BFBA-830A59E23533} <C:\WINDOWS\Downloaded Program Files\MSDcode.dll, (Signed) Microsoft Corp>

[OnlineScanner Control]

  {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} <C:\WINDOWS\system32\ONLINE~1.OCX, Eset>

[Windows Live Safety Center Base Module]

  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wlscBase.dll, (Signed) Microsoft Corporation>

[OnlineScanner Control]

  {7530BFB8-7293-4D34-9923-61A11451AFC5} <C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX, (Signed) Eset>

[Java Plug-in 1.6.0_15]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_07]

  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>

[]

  {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <, >

[Google Script Object]

  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>

[Yahoo! Toolbar Helper]

  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, (Signed) Yahoo! Inc.>

[Adobe PDF Reader Link Helper]

  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>

[]

  {089FD14D-132B-48FC-8861-0048AE113215} <, >

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >

[]

  {0BF43445-2F28-4351-9252-17FE6E806AA0} <, >

[McAfee SiteAdvisor Toolbar]

  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >

[Windows Genuine Advantage Validation Tool]

  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>

[Adobe PDF Link Helper]

  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>

[Google Toolbar]

  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>

[HTML Document]

  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>

[XML DOM Document]

  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[]

  {3369AF0D-62E9-4BDA-8103-B4C75499B578} <, >

[XML Document]

  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[]

  {4982D40A-C53B-4615-B15B-B5B5E98D167C} <, >

[Spybot-S&D IE Protection]

  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, (Signed) Safer Networking Limited>

[UberButton Class]

  {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, (Signed) Yahoo!>

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>

[YahooTaggedBM Class]

  {65D886A2-7CA7-479B-BB95-14D1EFB7946A} <C:\Program Files\Yahoo!\Common\YIeTagBm.dll, (Signed) Yahoo! Inc.>

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[MUWebControl Class]

  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>

[OnlineScanner Control]

  {7530BFB8-7293-4D34-9923-61A11451AFC5} <C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX, (Signed) Eset>

[]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >

[AOL Toolbar Launcher]

  {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} <C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll, (Signed) AOL LLC>

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[]

  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >

[Google Toolbar Helper]

  {AA58ED58-01DD-4D91-8333-CF10577473F7} <C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll, (Signed) Google Inc.>

[Google Toolbar Notifier BHO]

  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll, (Signed) Google Inc.>

[McAfee SiteAdvisor BHO]

  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >

[Google Dictionary Compression sdch]

  {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} <C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll, (Signed) Google Inc.>

[Deployment Toolkit]

  {CAFEEFAC-DEC7-0000-0000-ABCDEFFEDCBA} <C:\WINDOWS\system32\deploytk.dll, (Signed) Sun Microsystems, Inc.>

[AUDIO__MID Moniker Class]

  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[AUDIO__MP3 Moniker Class]

  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[]

  {CD67F990-D8E9-11D2-98FE-00C0F0318AFE} <, >

[Microsoft Url Search Hook]

  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>

[MessengerChecker Class]

  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: <Company name>>

[Java(tm) Plug-In 2 SSV Helper]

  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>

[AOL Toolbar]

  {DE9C389F-3316-41A7-809B-AA305ED9D922} <C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll, (Signed) AOL LLC>

[]

  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >

[JQSIEStartDetectorImpl Class]

  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>

[XML HTTP Request]

  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[Yahoo! Toolbar]

  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, (Signed) Yahoo! Inc.>

[XML DOM Document]

  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[XML HTTP]

  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >



==================================
Running Processes


[PID: 648 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\Program Files\SUPERAntiSpyware\SASWINLO.dll]  [SUPERAntiSpyware.com, 1, 0, 0, 1054]

	[C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4118]



[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.3520 (xpsp_sp2_gdr.090206-1233)]



[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 928 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]

	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]



[PID: 944 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1020 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1060 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\System32\rasmans.dll]  [Microsoft Corporation, 5.1.2600.2908 (xpsp_sp2_gdr.060513-0343)]



[PID: 1124 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1492 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]



[PID: 1544 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswRes.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]



[PID: 1804 / Administrator][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]

	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]



[PID: 1864 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\SUPERAntiSpyware\SASSEH.DLL]  [SuperAdBlocker.com, 1, 0, 0, 1012]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]

	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]

	[C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL]  [SUPERAntiSpyware.com, 1, 0, 0, 1004]

	[C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll]  [Yahoo! Inc., 2004, 11, 23, 1]

	[C:\Program Files\WinRAR\rarext.dll]  [, ]

	[C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 8, 1351, 0]



[PID: 156 / Administrator][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5137]

	[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5137]

	[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU]  [ATI Technologies, Inc., 6.14.10.5137]

	[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5137]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 200 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 220 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]



[PID: 228 / Administrator][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe]  [Hewlett-Packard , 5, 1, 1, 2]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL]  [Hewlett-Packard , 5, 1, 1, 2]

	[C:\Program Files\HPQ\Quick Launch Buttons\HPQPRES.DLL]  [Hewlett-Packard , 5, 1, 1, 2]



[PID: 256 / Administrator][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 6.5.1]



[PID: 348 / Administrator][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Lang.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\MFC71ENU.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\uiAux2.dll]  [ALWIL Software, 4, 8, 1317, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]

	[c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]



[PID: 364 / Administrator][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 380 / Administrator][C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe]  [Google Inc., 2, 0, 301, 1654]

	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\gtn.dll]  [Google Inc., 5, 3, 4501, 1418]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll]  [Google Inc., 5, 3, 4501, 1418]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]



[PID: 448 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 452 / Administrator][C:\Program Files\AOL 9.1\waol.exe]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\waol.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\supersub.dll]  [AOL, LLC., 9.05.001]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\AOL 9.1\xprt6.dll]  [AOL LLC, 6.4.2.5579]

	[C:\Program Files\AOL 9.1\coolcore47.dll]  [AOL LLC, 4.7.1.5579]

	[C:\Program Files\AOL 9.1\zlib.dll]  [, 1.1.4]

	[C:\Program Files\AOL 9.1\xmlparse.dll]  [N/A, ]

	[C:\Program Files\AOL 9.1\xmltok.dll]  [N/A, ]

	[C:\Program Files\AOL 9.1\comm.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\manager.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\SYNCCORE.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\ProxyMgr.dll]  [AOL LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\APPDATA.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\acfBase.DLL]  [America Online, 1, 0, 0, 1]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\Program Files\AOL 9.1\resource.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.14.1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\AOLSvcMgr.dll]  [AOL LLC, 16.0.2.1]

	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\AOL 9.1\TOOL\imfdecode.rct]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\coretool.rct]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\DUNZIP32.dll]  [Inner Media, Inc., 4.00.04]

	[C:\Program Files\AOL 9.1\TOOL\mip.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\ABOOK.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\rich.rct]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\actvx.rct]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\sec.cct]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\chat.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\htmlview.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\www.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\lvi.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\COOLAPI.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\session.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\TOOL\talk.tol]  [AOL, LLC., 9.05.001]

	[C:\Program Files\America Online 8.0\AMH.dll]  [, 8, 0, 0, 1]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll]  [Viewpoint Corporation, 3, 2, 2, 26]

	[C:\WINDOWS\system32\jgpl400.dll]  [Johnson-Grace Company, 054]

	[C:\WINDOWS\system32\jgdw400.dll]  [America Online, 106]

	[C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]

	[C:\Program Files\AOL 9.1\MIMEHook.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\Components\Tier2Svc.dll]  [, 1, 0, 0, 1]

	[C:\Program Files\Common Files\AOL\ACF\ActCntxt.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\Common Files\AOL\ACF\StaActvr.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\AOL 9.1\Components\DataSvcs.dll]  [, 1, 0, 0, 1]

	[c:\program files\common files\aol\1127608286\ee\services\proxyprovider\ver1_0_0_1\proxyprovider.dll]  [, 1, 0, 0, 1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\tai2.dll]  [AOL LLC., 3, 1, 1, 5]

	[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]

	[C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]

	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll]  [Microsoft Corporation, 1.1.4322.2443]



[PID: 1132 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]

	[C:\WINDOWS\system32\hpzsnt10.dll]  [HP, 2.323.0.0]



[PID: 1232 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1252 / SYSTEM][C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe]  [AOL LLC, 4.6.1.2			  ]

	[C:\Program Files\Common Files\AOL\ACS\AOLacsd.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\Common Files\AOL\ACS\xpat.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\Common Files\AOL\ACS\ACSMDiag.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.14.1]

	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\Common Files\AOL\ACS\ACSSwu.dll]  [AOL LLC, 4.8.8.4			  ]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]



[PID: 1464 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]



[PID: 1588 / SYSTEM][C:\Program Files\McAfee\SiteAdvisor\McSACore.exe]  [, ]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\apengine.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll]  [, ]

	[C:\Program Files\McAfee\SiteAdvisor\SACore.dll]  [, ]

	[C:\Program Files\McAfee\SiteAdvisor\SASet.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~2.DLL]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\McFrmWk.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\CntScan.dll]  [, ]



[PID: 1624 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]



[PID: 1712 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 1744 / SYSTEM][C:\WINDOWS\wanmpsvc.exe]  [America Online, Inc., 7, 0, 0, 2]



[PID: 2424 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Lang.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\MFC71ENU.DLL]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Alwil Software\Avast4\English\langmai.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]



[PID: 2512 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 8, 1351, 0]

	[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 8, 1351, 0]



[PID: 2748 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]



[PID: 3972 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834)]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 4036 / Administrator][C:\Program Files\AOL 9.1\shellmon.exe]  [AOL, LLC., 9.05.001]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 1092 / Administrator][C:\Program Files\Common Files\AOL\1127608286\ee\aolsoftware.exe]  [AOL LLC, 16.0.2.1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\AOLSvcMgr.dll]  [AOL LLC, 16.0.2.1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\xprt6.dll]  [AOL LLC, 6.7.1.5977]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\Common Files\AOL\1127608286\ee\Xprt4.dll]  [America Online, Inc., 4.3.3.4334]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.14.1]

	[c:\program files\common files\aol\1127608286\ee\services\os\ver5_2_1_1\OS.dll]  [AOL LLC, 5.2.1.1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\xprt5.dll]  [AOL LLC, 5.2.7.5225]

	[c:\program files\common files\aol\1127608286\ee\services\os\ver5_2_1_1\AOLIdleMon.dll]  [AOL LLC, 5.2.1.1]

	[c:\program files\common files\aol\1127608286\ee\services\notification\ver6_4_1_1\Notify.dll]  [AOL LLC, 6.4.1.1]

	[c:\program files\common files\aol\1127608286\ee\services\localStorage\ver7_3_3_1\clsSvc.dll]  [AOL LLC, 7.3.3.1]

	[c:\program files\common files\aol\1127608286\ee\services\aolsystrayservice\ver3_1_3_2\AOLSysTrayService.dll]  [AOL LLC, 3.1.3.2]

	[c:\program files\common files\aol\1127608286\ee\services\preferences\ver5_2_1_1\preferences.dll]  [AOL LLC, 5.2.1.1]

	[c:\program files\common files\aol\1127608286\ee\services\metrics\ver3_6_16_1\cmls.dll]  [AOL LLC, 3.6.16.1]

	[c:\program files\common files\aol\1127608286\ee\services\suiteFramework\ver5_1_4_1\suiteFramework.dll]  [AOL LLC, 5.1.4.1]

	[C:\Program Files\Common Files\AOL\ACS\AcsCmn.dll]  [AOL LLC, 4.8.8.4			  ]

	[c:\program files\common files\aol\1127608286\ee\services\connection\ver6_1_6_1\connection.dll]  [AOL LLC, 6.1.6.1]

	[C:\Program Files\Common Files\AOL\1127608286\ee\coolcore47.dll]  [AOL LLC, 4.7.0.5550]



[PID: 3016 / Administrator][C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe]  [AOL LLC, 3, 0, 0, 4]

	[C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.dll]  [AOL LLC., 3, 1, 1, 5]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]



[PID: 3608 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]



[PID: 3748 / Administrator][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]




	[c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll]  [, ]

	[c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~2.DLL]  [, ]

	[C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll]  [Yahoo! Inc., 2006, 3, 9, 1]

	[C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll]  [Google Inc., 5, 3, 4501, 1418]

	[C:\Program Files\Java\jre6\bin\jp2ssv.dll]  [Sun Microsystems, Inc., 6.0.150.3]

	[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll]  [Sun Microsystems, Inc., 6.0.150.3]

	[C:\Program Files\Yahoo!\Companion\Installs\cpn1\pubmod.dll]  [Yahoo! Inc., 2005, 12, 16, 1]

	[C:\Program Files\Yahoo!\Companion\Installs\cpn1\ypubc.dll]  [Yahoo! Inc., 2006.1.25.01]

	[C:\Program Files\Yahoo!\Companion\Installs\cpn1\YMERemote.dll]  [Yahoo! Inc., 2006, 3, 7, 1]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]

	[C:\Program Files\Common Files\Microsoft Shared\INK\SKCHUI.DLL]  [Microsoft Corporation, 1.0.1038.0]

	[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]

	[c:\PROGRA~1\mcafee\SITEAD~1\McPlgUI.dll]  [, ]



[PID: 9284 / Administrator][C:\Documents and Settings\Administrator\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]



[PID: 9128 / Administrator][C:\Documents and Settings\Administrator\Desktop\SREb22c2936.EXE]  [Smallfrogs Studio, 2.8.1.1279]

	[C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]

	[C:\WINDOWS\system32\SynTPFcs.dll]  [Synaptics, Inc., 7.13.0.1 02Feb05]

	[C:\Program Files\AOL 9.1\idleproc.dll]  [AOL, LLC., 9.05.001]



==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["%SYSTEMROOT%\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]


==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1		localhost


==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 156, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 228, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 256, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 9284, C:\DOCUMENTS AND SETTINGS\Administrator\DESKTOP\SRENGLDR.EXE]


==================================
Scheduled Tasks
[Enabled] Google Software Updater.job

		C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 

[Enabled] ashQuick Avast schedule.job

		C:\Program Files\Alwil Software\Avast4\ashQuick.exe 



==================================
Windows Security Update Check
KB891122,  Update for WMDRM-enabled Media Players (KB891122) 

KB925850,  Windows Media Player 11 

KB940157,  Windows Search 4.0 for Windows XP (KB940157) 

KB909520,  Microsoft Base Smart Card Cryptographic Service Provider Package: x86 (KB909520) 

KB960803,  Security Update for Windows XP (KB960803) MS09-013

KB936929,  Windows XP Service Pack 3 (KB936929) 

KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update (KB951847) x86 

KB951847,  Office Live add-in 1.4 

KB971961,  Security Update for Jscript 5.8 for Windows XP (KB971961) MS09-045

KB974331,  Microsoft Silverlight (KB974331) 

KB974331,  Windows Live Essentials 

KB931125,  Update for Root Certificates [September 2009] (KB931125) 

KB975364,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB975364) 



==================================
API HOOK
N/A

==================================
Hidden Process
N/A

Looking back under System Repair, File Association tab, I'm still getting a checked box.
It says:

Status: Error Extension Name: .CHM Descriptions: Handle the .CHM open method Current Value: "%SYSTEMROOT%\hh.exe"%1

At the bottom there is a box that can be checked that will "select all". On the right there is a button to click; it says "Repair".



