rlvanwyk

Members
  • Content Count

    52
  • Joined

  • Last visited

Community Reputation

0 Neutral

About rlvanwyk

  • Rank
    Advanced Member

Profile Information

  • Location
    iowa, usa
  1. That link for Blade81 didn't work, did you mean this instead? [url="http://www.lavasoftsupport.com/index.php?showtopic=30610"]http://www.lavasoftsupport.com/index.php?showtopic=30610[/url] If so, thanks for all your help.
  2. Nope, all is good on this PC... how do I uninstall/remove the "research tools"? (Erunt, DDS, HiJackthis, GMER, and OTM) and any words of wisdom?
  3. sorry,, never heard of TCP/IP v6? or how to tell if it's enabled? Here is the log from Eset: [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=17e6b1f452b50f40a23dca99221fe62b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-01-03 07:20:43 # local_time=2011-01-03 01:20:43 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 113843 113843 0 0 # compatibility_mode=1024 16777191 100 0 198459 198459 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=58031 # found=2 # cleaned=0 # scan_time=2063 C:\WINDOWS\system32\drivers\etc\hosts.bak Win32/Qhost trojan (unable to clean) 00000000000000000000000000000000 I D:\AOL Instant Messenger\AIM.exe Win32/Adware.WBug.A application (unable to clean) 00000000000000000000000000000000 I Remember above when I removed localhost "stuff"... that was because I had already found that HOSTS had been "compromised" (it had invalid entries in it and was turned into a hidden system file) and I had saved it as hosts.bak and then corrected the hosts file... that was before I had removed the entries via HiJackthis. Then I saw them in the log for HiJackthis and figured they were also part of the "infection" that's why I removed them and this kinda proves it (as they aren't in the new HiJackthis log). I have deleted both files (hosts.bak was my saved version and the real AIM was on the F: drive) listed above permanently (held shift key down when pushing delete) and reran Eset, here is the new log: esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=7.00.6000.17093 (vista_gdr.101017-1200) # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=17e6b1f452b50f40a23dca99221fe62b # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-01-03 07:57:37 # local_time=2011-01-03 01:57:37 (-0600, Central Standard Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 116245 116245 0 0 # compatibility_mode=1024 16777191 100 0 200861 200861 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=57992 # found=0 # cleaned=0 # scan_time=1873
  4. I didn't trust HiJackthis to fix the Hosts file, so I have manually fixed the Hosts file (since I have 3 PCs of my own, easy to copy from 1 of them). Here are new logs. Here is HiJackthis log (notice: those 2 lines are gone, thus something else was occuring, right?) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 2:15:34 PM, on 1/2/2011 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17093) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\AVG\AVG9\avgchsvx.exe f:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe f:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe f:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\svchost.exe F:\logictech\iTouch\iTouch.exe C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe F:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\ctfmon.exe f:\Program Files\AVG\AVG9\avgnsx.exe c:\program files\common files\aol\1139450143\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - f:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [zBrowser Launcher] F:\logictech\iTouch\iTouch.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [AVG9_TRAY] f:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url="http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab"]http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url="http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab"]http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab[/url] O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url="http://fdl.msn.com/zone/datafiles/heartbeat.cab"]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url] O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://G:\games\WebDriverFullInstall.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\Program Files\AVG\AVG9\avgpp.dll O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - f:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 6638 bytes Here is DDS log. DDS (Ver_10-12-12.02) - FAT32x86 Run by Owner at 14:16:06.79 on Sun 01/02/2011 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.218 [GMT -6:00] AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE f:\Program Files\AVG\AVG9\avgchsvx.exe f:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE SVCHOST.EXE C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe f:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe f:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\System32\svchost.exe -k imgsvc F:\logictech\iTouch\iTouch.exe C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe C:\WINDOWS\system32\igfxpers.exe F:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\ctfmon.exe f:\Program Files\AVG\AVG9\avgnsx.exe c:\program files\common files\aol\1139450143\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/?src=toolbar uInternet Settings,ProxyOverride = <local> uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg9\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\program files\spybot - search & destroy\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [zBrowser Launcher] f:\logictech\itouch\iTouch.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [HostManager] c:\program files\common files\aol\1139450143\ee\AOLSoftware.exe mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [AVG9_TRAY] f:\progra~1\avg\avg9\avgtray.exe IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\program files\spybot - search & destroy\SDHelper.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://g:\games\WebDriverFullInstall.exe Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg9\avgpp.dll Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-12-30 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-12-30 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-12-30 243024] R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 avg9wd;AVG Free WatchDog;f:\program files\avg\avg9\avgwdsvc.exe [2010-12-31 308136] R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728] =============== Created Last 30 ================ 2011-01-01 21:22:09 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2011-01-01 00:09:00 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-01 00:08:59 -------- d-----w- c:\program files\Trend Micro 2010-12-31 23:50:07 -------- d-----w- C:\_OTM 2010-12-31 15:40:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-12-31 00:39:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-12-31 00:39:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-12-31 00:39:01 -------- d-----w- c:\windows\system32\drivers\Avg 2010-12-31 00:38:42 -------- d-----w- c:\program files\AVG 2010-12-31 00:38:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-12-30 23:35:06 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes 2010-12-30 23:34:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-30 23:34:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-12-30 23:34:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-30 23:21:23 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com 2010-12-30 23:21:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-12-15 02:05:10 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 02:03:34 45568 ------w- c:\windows\system32\dllcache\wab.exe 2010-12-14 03:36:59 -------- d-----w- c:\windows\system32\wbem\repository\FS 2010-12-14 03:36:59 -------- d-----w- c:\windows\system32\wbem\Repository ==================== Find3M ==================== 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:34:12 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-11-06 00:34:12 1830912 ------w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:34:12 17408 ------w- c:\windows\system32\corpol.dll 2010-11-03 12:25:54 389120 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 14:16:46.14 =============== Here is the Attach log from DDS. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/25/2004 5:34:20 PM System Uptime: 1/2/2011 2:05:13 PM (0 hours ago) Motherboard: Dell Computer Corp. | | 0K0057 Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2660/533mhz ==== Disk Partitions ========================= C: is FIXED (FAT32) - 10 GiB total, 1.685 GiB free. D: is FIXED (NTFS) - 20 GiB total, 19.301 GiB free. E: is FIXED (NTFS) - 39 GiB total, 38.484 GiB free. F: is FIXED (NTFS) - 43 GiB total, 38.283 GiB free. G: is CDROM (CDFS) H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP722: 12/30/2010 6:38:41 PM - Installed AVG Free 9.0 RP723: 12/31/2010 9:37:21 AM - Avg Update RP724: 12/31/2010 9:41:51 AM - Avg Update RP725: 12/31/2010 5:50:40 PM - OTM Restore Point RP726: 12/31/2010 6:08:58 PM - Installed HiJackThis RP727: 12/31/2010 10:24:12 PM - Software Distribution Service 3.0 ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 9 ActiveX Adobe Reader 7.0 AOL Coach Version 2.0(Build:20041026.5 en) AOL Deskbar AOL Toolbar 5.0 AOL Uninstaller (Choose which Products to Remove) ArcSoft PhotoImpression 5 AVG Free 9.0 B44Inst Bejeweled Deluxe 1.862 Broadcom 440x Driver Installer Conexant D850 56K V.9x DFVc Modem Dell ResourceCD EPSON Printer Software EPSON Scan HiJackThis Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Extreme Graphics 2 Driver Learn2 Player (Uninstall Only) Logitech iTouch Software Logitech Resource Center Macromedia Shockwave Player Malwarebytes' Anti-Malware Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable MSN Gaming Zone MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PowerDVD Pure Networks Port Magic QuickTime Qwest QuickAssist Desktop Tools RealPlayer Basic Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sonic DLA SoundMAX Spybot - Search & Destroy Super GameHouse Solitaire Vol. 1 Super Mah Jong from GameHouse SUPERAntiSpyware Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Media Format Runtime Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 12/31/2010 5:50:10 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s). 12/31/2010 5:50:10 PM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s). 12/31/2010 5:50:10 PM, error: Service Control Manager [7034] - The spkrmon service terminated unexpectedly. It has done this 1 time(s). 12/31/2010 5:50:09 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s). 12/31/2010 5:50:09 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 12/31/2010 5:50:09 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 12/30/2010 6:02:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 12/30/2010 5:00:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) 1/1/2011 1:44:18 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX Fips intelppm IPSec MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip 1/1/2011 1:44:18 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning. 1/1/2011 1:44:18 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/1/2011 1:44:18 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning. 1/1/2011 1:44:18 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning. 1/1/2011 1:44:00 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811} 1/1/2011 1:43:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 1/1/2011 1:43:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E} ==== End Of File =========================== If PC looks clean and internet now works, it had to be these 2 lines O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost right? since I have fixed the Hosts file, to be this # Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost if all looks good/clean, how do I remove Erunt, DDS, HiJackthis, GMER, and OTM? or do I just delete them? (cause there is no uninstall?)
  5. I got this to work, but having HiJackthis remove the following: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074 O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe Did I miss anything? If not, what do I need to do to uninstall the tools that I installed?
  6. Hello, I am working on a friends PC... have ran Superantispyware, Malwarebytes, and AVG, after cleaning all "infections" and rerunning them, no other "infections" are found... yet it won't connect to the internet. Here are the GMER, HiJackthis and DDS logs. Here is GMER log. GMER 1.0.15.15530 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-12-31 22:08:07 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3120026AS rev.8.05 Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\pxtdapob.sys ---- System - GMER 1.0.15 ---- SSDT \??\F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF0821620] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1576] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe[2848] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9BE7] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9B5A] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9AD3] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9C74] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) IAT C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe[3968] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9A4C] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\NtfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- Here is the HiJackthis log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:08:39 PM, on 12/31/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17093) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe f:\Program Files\AVG\AVG9\avgchsvx.exe f:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe f:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe f:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe f:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Real\RealPlayer\RealPlay.exe F:\logictech\iTouch\iTouch.exe C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe F:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\common files\aol\1139450143\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://go.microsoft.com/fwlink/?LinkId=69157"]http://go.microsoft.com/fwlink/?LinkId=69157[/url] R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8074 R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - f:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [zBrowser Launcher] F:\logictech\iTouch\iTouch.exe O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe O4 - HKLM\..\Run: [AVG9_TRAY] f:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [url="http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab"]http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab[/url] O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url="http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab"]http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab[/url] O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - [url="http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab"]http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab[/url] O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - [url="http://fdl.msn.com/zone/datafiles/heartbeat.cab"]http://fdl.msn.com/zone/datafiles/heartbeat.cab[/url] O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://G:\games\WebDriverFullInstall.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\Program Files\AVG\AVG9\avgpp.dll O18 - Filter hijack: text/html - (no CLSID) - (no file) O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - f:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\ssrc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe -- End of file - 7062 bytes Here is the DDS log. DDS (Ver_10-12-12.02) - FAT32x86 Run by Owner at 22:10:46.98 on Fri 12/31/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.122 [GMT -6:00] AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch SVCHOST.EXE C:\WINDOWS\System32\svchost.exe -k netsvcs SVCHOST.EXE SVCHOST.EXE f:\Program Files\AVG\AVG9\avgchsvx.exe f:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\system32\spoolsv.exe SVCHOST.EXE f:\Program Files\AVG\AVG9\avgcsrvx.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe f:\Program Files\AVG\AVG9\avgwdsvc.exe C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\wanmpsvc.exe f:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Real\RealPlayer\RealPlay.exe F:\logictech\iTouch\iTouch.exe C:\Program Files\Common Files\AOL\1139450143\ee\AOLSoftware.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\wt\updater\wcmdmgr.exe C:\WINDOWS\system32\igfxpers.exe F:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe c:\program files\common files\aol\1139450143\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe C:\Program Files\Common Files\AOL\1139450143\EE\aolsoftware.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.aol.com/?src=toolbar uInternet Settings,ProxyServer = http=127.0.0.1:8074 uInternet Settings,ProxyOverride = <local> uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 5.0\aoltb.dll BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - f:\program files\avg\avg9\avgssie.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: AOL Toolbar BHO: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [SUPERAntiSpyware] f:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER mRun: [zBrowser Launcher] f:\logictech\itouch\iTouch.exe mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [HostManager] c:\program files\common files\aol\1139450143\ee\AOLSoftware.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run mRun: [wcmdmgr] c:\windows\wt\updater\wcmdmgrl.exe -launch mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [InstaFinderK] c:\program files\instafink\InstaFinderK_inst.exe mRun: [SemanticInsight] c:\program files\rxtoolbar\semantic insight\SemanticInsight.exe mRun: [AVG9_TRAY] f:\progra~1\avg\avg9\avgtray.exe IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - hxxp://fdl.msn.com/zone/datafiles/heartbeat.cab DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - file://g:\games\WebDriverFullInstall.exe Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - f:\program files\avg\avg9\avgpp.dll Notify: !SASWinLogon - f:\program files\superantispyware\SASWINLO.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - f:\program files\superantispyware\SASSEH.DLL SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll ============= SERVICES / DRIVERS =============== R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-12-30 216400] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-12-30 29584] R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-12-30 243024] R1 SASDIFSV;SASDIFSV;f:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;f:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 avg9wd;AVG Free WatchDog;f:\program files\avg\avg9\avgwdsvc.exe [2010-12-31 308136] R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728] =============== Created Last 30 ================ 2011-01-01 00:09:00 388096 ----a-r- c:\docume~1\owner\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe 2011-01-01 00:08:59 -------- d-----w- c:\program files\Trend Micro 2010-12-31 23:50:07 -------- d-----w- C:\_OTM 2010-12-31 15:40:47 12536 ----a-w- c:\windows\system32\avgrsstx.dll 2010-12-31 00:39:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2010-12-31 00:39:08 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2010-12-31 00:39:01 -------- d-----w- c:\windows\system32\drivers\Avg 2010-12-31 00:38:42 -------- d-----w- c:\program files\AVG 2010-12-31 00:38:42 -------- d-----w- c:\docume~1\alluse~1\applic~1\avg9 2010-12-30 23:35:06 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes 2010-12-30 23:34:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-30 23:34:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-12-30 23:34:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-30 23:21:23 -------- d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com 2010-12-30 23:21:23 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-12-15 02:05:10 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys 2010-12-15 02:03:34 45568 ------w- c:\windows\system32\dllcache\wab.exe 2010-12-14 03:36:59 -------- d-----w- c:\windows\system32\wbem\repository\FS 2010-12-14 03:36:59 -------- d-----w- c:\windows\system32\wbem\Repository ==================== Find3M ==================== 2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll 2010-11-06 00:34:12 832512 ----a-w- c:\windows\system32\wininet.dll 2010-11-06 00:34:12 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-11-06 00:34:12 1830912 ------w- c:\windows\system32\inetcpl.cpl 2010-11-06 00:34:12 17408 ------w- c:\windows\system32\corpol.dll 2010-11-03 12:25:54 389120 ----a-w- c:\windows\system32\html.iec 2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 22:11:14.87 =============== Here is the Attach log. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 10/25/2004 5:34:20 PM System Uptime: 12/31/2010 5:56:08 PM (5 hours ago) Motherboard: Dell Computer Corp. | | 0K0057 Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2660/533mhz ==== Disk Partitions ========================= C: is FIXED (FAT32) - 10 GiB total, 1.726 GiB free. D: is FIXED (NTFS) - 20 GiB total, 19.301 GiB free. E: is FIXED (NTFS) - 39 GiB total, 38.484 GiB free. F: is FIXED (NTFS) - 43 GiB total, 38.342 GiB free. G: is CDROM (CDFS) H: is Removable ==== Disabled Device Manager Items ============= ==== System Restore Points =================== RP722: 12/30/2010 6:38:41 PM - Installed AVG Free 9.0 RP723: 12/31/2010 9:37:21 AM - Avg Update RP724: 12/31/2010 9:41:51 AM - Avg Update RP725: 12/31/2010 5:50:40 PM - OTM Restore Point RP726: 12/31/2010 6:08:58 PM - Installed HiJackThis ==== Installed Programs ====================== Adobe Flash Player 10 ActiveX Adobe Flash Player 9 ActiveX Adobe Reader 7.0 AOL Coach Version 2.0(Build:20041026.5 en) AOL Deskbar AOL Toolbar 5.0 AOL Uninstaller (Choose which Products to Remove) ArcSoft PhotoImpression 5 AVG Free 9.0 B44Inst Bejeweled Deluxe 1.862 Broadcom 440x Driver Installer Conexant D850 56K V.9x DFVc Modem Dell ResourceCD EPSON Printer Software EPSON Scan HiJackThis Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) Intel® Extreme Graphics 2 Driver Learn2 Player (Uninstall Only) Logitech iTouch Software Logitech Resource Center Macromedia Shockwave Player Malwarebytes' Anti-Malware Microsoft Age of Empires II Microsoft Age of Empires II: The Conquerors Expansion Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 Redistributable MSN Gaming Zone MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) PowerDVD Pure Networks Port Magic QuickTime Qwest QuickAssist Desktop Tools RealPlayer Basic Security Update for Windows Internet Explorer 7 (KB2183461) Security Update for Windows Internet Explorer 7 (KB2360131) Security Update for Windows Internet Explorer 7 (KB2416400) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Internet Explorer 7 (KB972260) Security Update for Windows Internet Explorer 7 (KB974455) Security Update for Windows Internet Explorer 7 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950759) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953838) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956390) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958215) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960714) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165-v2) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Security Update for Windows XP (KB982802) Sonic DLA SoundMAX Super GameHouse Solitaire Vol. 1 Super Mah Jong from GameHouse SUPERAntiSpyware Update for Windows Internet Explorer 7 (KB976749) Update for Windows Internet Explorer 7 (KB980182) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Viewpoint Media Player WebFldrs XP WildTangent Updater WildTangent Web Driver Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Media Format Runtime Windows XP Service Pack 3 ==== Event Viewer Messages From Past Week ======== 12/31/2010 5:50:09 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. 12/30/2010 6:02:34 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume. 12/30/2010 5:08:20 PM, error: Service Control Manager [7034] - The WAN Miniport (ATW) Service service terminated unexpectedly. It has done this 1 time(s). 12/30/2010 5:08:20 PM, error: Service Control Manager [7034] - The SupportSoft Listener Service service terminated unexpectedly. It has done this 1 time(s). 12/30/2010 5:08:19 PM, error: Service Control Manager [7034] - The spkrmon service terminated unexpectedly. It has done this 1 time(s). 12/30/2010 5:08:19 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s). 12/30/2010 5:08:19 PM, error: Service Control Manager [7031] - The AOL TopSpeed Monitor service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 12/30/2010 5:00:43 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751) ==== End Of File ===========================
  7. I have a XP Pro SP1 CD, but it doesn't recognize their product key. Their Windows XP screen says Media Center Edition, yet it doesn't look like a PC that I have which has MCE on it... if you have MCE you'll know that when you click on the Start button, the left half is dark blue and the right half is a lighter blue... unlike XP Pro, the left half is white and the right half is a lighter blue (lighter than MCE) -- referring to color of the background. Yet all the logs showed XP Pro, but then why does XP screen show Media Center Edition? Not sure what version of Windows that I need, do you?
  8. Trying to perform a Windows repair from CD, but not having any luck. Friend can't find their Windows XP Pro SP2 CD for Dell... any ideas how to find 1?
  9. Yes, the only way that I am working is via another PC, downloading on it, copying to flash drive, and running on other PC via Task Manager (since that's the only thing that works). Downloaded Prevx and ran on PC (no change ... still no Start button, task bar, and just wallpaper, no icons) Attaching new GMER log below. read about uninstalling/reinstalling mmcndmgr.dll... all were successful, but still no internet. read other 1 about a "bad" KB... don't have it installed, but did check registry settings and they matched. normally MBAM or Superantispyware would correct the explorer issue, but neither has... of course Superantispyware does get errors when started, but comes up (not sure if it's "ok" tho) I have SP3 that I could put to flash drive, but dont know if it would install with all the issues that are occuring. GMER log: GMER 1.0.15.15530 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-12-21 22:40:54 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JS-75NCB1 rev.10.02E01 Running: gmer.exe; Driver: C:\DOCUME~1\Kay\LOCALS~1\Temp\uftdypow.sys ---- System - GMER 1.0.15 ---- SSDT 86C2F050 ZwAlertResumeThread SSDT 86C92050 ZwAlertThread SSDT 863E31A8 ZwAllocateVirtualMemory SSDT 865425F0 ZwAssignProcessToJobObject SSDT 8690F708 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA9C9F720] SSDT 86A26428 ZwCreateMutant SSDT 86A622B8 ZwCreateSymbolicLinkObject SSDT 865A7580 ZwCreateThread SSDT 86542040 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA9C9F9A0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA9C9FF00] SSDT 863DA240 ZwDuplicateObject SSDT 863A71F8 ZwFreeVirtualMemory SSDT 86A8D050 ZwImpersonateAnonymousToken SSDT 86CD1050 ZwImpersonateThread SSDT 86571738 ZwLoadDriver SSDT 86A41F10 ZwMapViewOfSection SSDT 86CC9050 ZwOpenEvent SSDT 865CC1A8 ZwOpenProcess SSDT 86B25050 ZwOpenProcessToken SSDT 86CD7050 ZwOpenSection SSDT 8651E750 ZwOpenThread SSDT 869FA1A8 ZwProtectVirtualMemory SSDT 86B6E050 ZwResumeThread SSDT 86BC2050 ZwSetContextThread SSDT 869C2C50 ZwSetInformationProcess SSDT 86539A50 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA9CA0150] SSDT 86BBD050 ZwSuspendProcess SSDT 86CB0050 ZwSuspendThread SSDT 865C1908 ZwTerminateProcess SSDT 86B8B050 ZwTerminateThread SSDT 86BFB050 ZwUnmapViewOfSection SSDT 8651C9A8 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2DB0 8050461C 2 Bytes [A8, C1] {TEST AL, 0xc1} .text ntkrnlpa.exe!ZwCallbackReturn + 2DB3 8050461F 5 Bytes [86, 50, 50, B2, 86] {XCHG [EAX+0x50], DL; MOV DL, 0x86} ? SYMDS.SYS The system cannot find the file specified. ! ? SYMEFA.SYS The system cannot find the file specified. ! ? C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101220.002\NAVEX15.SYS The system cannot find the file specified. ! ? C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\VirusDefs\20101220.002\NAVENG.SYS The system cannot find the file specified. ! ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device A83E1C8A AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- Threads - GMER 1.0.15 ---- Thread System [4:2628] A99A6E80 Thread System [4:4028] A86F85E4 ---- EOF - GMER 1.0.15 ----
  10. My issue is totally different than described on that url... I have no icons on desktop and no black screen, just wallpaper. No start button or task bar. See attached internet#1, internet#2, internet#3, internet#4, internet#5 -- those are what occured in order when this command was executed "C:\Program Files\Internet Explorer\iexplore.exe" "http://info.prevx.com/download.asp?GRAB=BLACKSCREENFIX" Very similar to what occurs when just trying to run iexplore. Nothing in eventvwr, other than a error bout Google update. and when I launch services.msc I get the error in other#1 (also attached), then Services launches, but no services are listed.
  11. additionally, before starting this topic, I had uninstalled 1. Limewire 2. Google Chrome 3. Apple Safari 4. Google Desktop and then ran cleanups via Spybot, Superantispyware, and MalwareBytes... before all of this, there was a Start button, and icons on the desktop and the internet worked.
  12. also, I have removed O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Qwest Live - {E9AF0A86-C58A-4CE6-A558-3BD8D1404156} - [url="http://qwest.live.com"]http://qwest.live.com[/url] (file missing) (HKCU) O15 - Trusted Zone: http://*.rapmls.com O15 - Trusted Zone: http://*.swmric.com
  13. ok... I have uninstalled Viewpoint Media Player... had to use appwiz.cpl can't find c:\windows\system3260b227ef3.sys BUT you have to remember, I have no Start button and Windows Explorer/My Computer doesn't work, since Explorer.EXE won't stay running, so if it's hidden I can't unhide it (via Folder Options) to find it and copy it to my flash drive (since the internet doesn't work either) to get it this computer to load onto that website. So I am severely "handicapped" on that infected PC.
  14. Attached are the 2 MalwareBytes logs before a clean 1... 1st has 1097 errors, 2nd has 5 errors (both attached). and here is the Combofix log. ComboFix 10-12-18.01 - Kay 12/18/2010 22:58:23.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.562 [GMT -6:00] Running from: c:\documents and settings\Kay\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton AntiVirus Online *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Kay\My Documents\DPE.DUS . ((((((((((((((((((((((((( Files Created from 2010-11-19 to 2010-12-19 ))))))))))))))))))))))))))))))) . 2010-12-18 21:00 . 2010-12-18 21:00 -------- d-----w- C:\_OTM 2010-12-16 05:34 . 2010-12-16 05:34 -------- d-----w- c:\documents and settings\Kay\Application Data\SUPERAntiSpyware.com 2010-12-15 05:40 . 2010-12-15 05:40 -------- d-----w- c:\documents and settings\Kay\Application Data\Malwarebytes 2010-12-15 05:39 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-15 05:39 . 2010-12-15 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-12-15 05:39 . 2010-12-15 05:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-12-15 05:39 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-15 00:23 . 2010-12-15 00:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com 2010-11-19 15:40 . 2010-11-19 15:40 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-11-19 15:40 . 2010-11-19 15:40 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-11-19 15:40 . 2010-11-19 15:40 -------- d-----w- c:\program files\Symantec 2010-11-19 15:40 . 2010-11-19 15:40 -------- d-----w- c:\program files\Common Files\Symantec Shared 2010-11-19 15:39 . 2010-11-19 15:39 -------- d-----w- c:\windows\system32\drivers\NAV 2010-11-19 15:39 . 2010-11-19 15:39 -------- d-----w- c:\program files\Norton AntiVirus 2010-11-19 15:39 . 2010-11-19 15:39 -------- d-----w- c:\program files\Windows Sidebar 2010-11-19 15:39 . 2010-11-19 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton 2010-11-19 15:39 . 2010-11-19 15:39 -------- d-----w- c:\program files\NortonInstaller 2010-11-19 14:10 . 2010-11-19 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Qwest . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-12 21:29 . 2006-07-27 19:27 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2009-01-12 21:29 . 2006-07-27 19:27 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-12 21:29 . 2007-06-30 13:12 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2009-01-12 21:29 . 2007-06-30 13:12 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2009-01-12 21:29 . 2006-07-27 19:27 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . ------- Sigcheck ------- [-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\qmgr.dll [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\qmgr.dll [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\bits\qmgr.dll [-] 2007-03-29 . CC431E6DEAAD867A583EE5E804EE4CF2 . 409600 . . [6.7.2600.3109] . . c:\windows\system32\dllcache\qmgr.dll [-] 2007-03-29 . 65E23953D337574E549B1EF34FE0B1DA . 409600 . . [6.7.2600.3109] . . c:\windows\$hf_mig$\KB923845\SP2QFE\qmgr.dll [7] 2004-08-10 . 2C69EC7E5A311334D10DD95F338FCCEA . 382464 . . [6.6.2600.2180] . . c:\windows\$NtUninstallKB923845$\qmgr.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-12-14 2424560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904] "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976] c:\documents and settings\Delana\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A] c:\documents and settings\Katie\Start Menu\Programs\Startup\ LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [N/A] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk.disabled [2008-7-20 1757] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-26 24576] HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Corel Photo Downloader"=c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe "ehTray"=c:\windows\ehome\ehtray.exe "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"= "c:\\Program Files\\Windows Media Player\\wmplayer.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3670:UDP"= 3670:UDP:Windows Media Format SDK (iexplore.exe) "3671:UDP"= 3671:UDP:Windows Media Format SDK (iexplore.exe) "5353:TCP"= 5353:TCP:Adobe CSI CS4 R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1201000.025\SymDS.sys [11/19/2010 9:40 AM 339504] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1201000.025\SymEFA.sys [11/19/2010 9:40 AM 666672] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [11/22/2010 8:20 PM 691248] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1201000.025\Ironx86.sys [11/19/2010 9:40 AM 134704] R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe [11/19/2010 9:39 AM 126904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/26/2007 10:34 AM 24652] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2010 9:59 AM 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.1.0.37\Definitions\IPSDefs\20101215.001\IDSXpx86.sys [12/16/2010 8:38 PM 341944] S2 gupdate1ca3b7a551c263c;Google Update Service (gupdate1ca3b7a551c263c);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] . Contents of the 'Scheduled Tasks' folder 2010-12-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34] 2010-12-16 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2008-08-29 19:45] 2010-12-14 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job - c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2008-08-29 19:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://qwest.live.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mStart Page = hxxp://qwest.live.com uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html Trusted Zone: rapmls.com Trusted Zone: swmric.com Trusted Zone: musicmatch.com\online FF - ProfilePath - c:\documents and settings\Kay\Application Data\Mozilla\Firefox\Profiles\7d2zt7kl.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=RGxdm029YTUS&fl=0&ptb=AByCYudGNTwsE8WQc7Lcrw&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7d01&searchfor= . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-DXDllRegExe - dxdllreg.exe Notify-avgrsstarter - avgrsstx.dll AddRemove-6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA - c:\program files\WildTangent\Apps\GameChannel\Games\6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA\Uninstall.exe AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-12-18 23:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV] "ImagePath"="\"c:\program files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\18.1.0.37\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(660) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll . Completion time: 2010-12-18 23:13:35 ComboFix-quarantined-files.txt 2010-12-19 05:13 Pre-Run: 86,805,835,776 bytes free Post-Run: 87,358,464,000 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect [spybotsd] timeout.old=30 - - End Of File - - 80F3205AB82019C2BFD1A97935D5983C
  15. Ok, sorry ... missed that topic (13639), ran OTM, ran ERUNT, Adware isn't installed, ran GMER (see log below), reran HiJackThis (log below). It also mentions ATF cleaner, but no links to it (needed?). Friend loaded Norton to correct issue, since I prefer Norton (believe that it's "better", let me know if I'm wrong), I have uninstalled AVG. And ran Norton. Not sure what you mean by "Please, attach (or paste) those logs from antivirus and antimalware programs where malware has been removed." ? Have ran DDS (see logs below) Here is GMER log. GMER 1.0.15.15530 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-12-18 18:40:12 Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD1600JS-75NCB1 rev.10.02E01 Running: gmer.exe; Driver: C:\DOCUME~1\Kay\LOCALS~1\Temp\uftdypow.sys ---- System - GMER 1.0.15 ---- SSDT 8687BBF8 ZwAlertResumeThread SSDT 865420F0 ZwAlertThread SSDT 869E4240 ZwAllocateVirtualMemory SSDT 865520C0 ZwAssignProcessToJobObject SSDT 865DAED8 ZwConnectPort SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAA2D2720] SSDT 869930E8 ZwCreateMutant SSDT 869D70A0 ZwCreateSymbolicLinkObject SSDT 863D91D0 ZwCreateThread SSDT 86552180 ZwDebugActiveProcess SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xAA2D29A0] SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAA2D2F00] SSDT 86A34F28 ZwDuplicateObject SSDT 865BD978 ZwFreeVirtualMemory SSDT 86993008 ZwImpersonateAnonymousToken SSDT 8687BB38 ZwImpersonateThread SSDT 86C73050 ZwLoadDriver SSDT 86A4D008 ZwMapViewOfSection SSDT 869A1008 ZwOpenEvent SSDT 86513290 ZwOpenProcess SSDT 8655A368 ZwOpenProcessToken SSDT 86DDF380 ZwOpenSection SSDT 86545AF0 ZwOpenThread SSDT 869D7170 ZwProtectVirtualMemory SSDT 86542008 ZwResumeThread SSDT 8643B1F0 ZwSetContextThread SSDT 869CF130 ZwSetInformationProcess SSDT 86DDF278 ZwSetSystemInformation SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAA2D3150] SSDT 869A10F8 ZwSuspendProcess SSDT 866140F0 ZwSuspendThread SSDT 86452E78 ZwTerminateProcess SSDT 868635D0 ZwTerminateThread SSDT 86553C98 ZwUnmapViewOfSection SSDT 86A2ECE0 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2C74 805044E0 4 Bytes CALL 30D6DE15 .text ntkrnlpa.exe!ZwCallbackReturn + 2D14 80504580 2 Bytes [78, D9] {JS 0xffffffffffffffdb} ? SYMDS.SYS The system cannot find the file specified. ! ? SYMEFA.SYS The system cannot find the file specified. ! ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions) ---- EOF - GMER 1.0.15 ---- Here is HiJackThis log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:41:34 PM, on 12/18/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.17055) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\system32\HPZipm12.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe C:\Documents and Settings\Kay\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://qwest.live.com"]http://qwest.live.com[/url] R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://qwest.live.com"]http://qwest.live.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://qwest.live.com"]http://qwest.live.com[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url] R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://qwest.live.com"]http://qwest.live.com[/url] R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Qwest O1 - Hosts: ÿþ127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\IPSBHO.DLL O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\Hotsync.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Search - ?p=RGxdm029YTUS O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Qwest Live - {E9AF0A86-C58A-4CE6-A558-3BD8D1404156} - [url="http://qwest.live.com"]http://qwest.live.com[/url] (file missing) (HKCU) O15 - Trusted Zone: http://*.rapmls.com O15 - Trusted Zone: http://*.swmric.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [url="http://go.microsoft.com/fwlink/?linkid=39204"]http://go.microsoft.com/fwlink/?linkid=39204[/url] O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [url="http://www.costcophotocenter.com/CostcoActivia.cab"]http://www.costcophotocenter.com/CostcoActivia.cab[/url] O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - [url="http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab"]http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab[/url] O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - [url="http://www.linkedin.com/cab/LinkedInContactFinderControl.cab"]http://www.linkedin.com/cab/LinkedInContactFinderControl.cab[/url] O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [url="http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab"]http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab[/url] O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate1ca3b7a551c263c) (gupdate1ca3b7a551c263c) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe -- End of file - 9051 bytes Here is DDS.txt log. DDS (Ver_10-12-12.02) - NTFSx86 Run by Kay at 18:52:31.18 on Sat 12/18/2010 Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.437 [GMT -6:00] AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} AV: Norton AntiVirus Online *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Dell Support Center\bin\sprtsvc.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Norton AntiVirus\Engine\18.1.0.37\ccSvcHst.exe C:\Documents and Settings\Kay\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://qwest.live.com uSearch Page = hxxp://www.google.com uWindow Title = Windows Internet Explorer provided by Qwest uDefault_Page_URL = hxxp://qwest.live.com uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mDefault_Page_URL = hxxp://qwest.live.com mStart Page = hxxp://qwest.live.com uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\18.1.0.37\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DXDllRegExe] dxdllreg.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Adobe Reader Speed Launch.lnk.disabled StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Search - ?p=RGxdm029YTUS IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: rapmls.com Trusted Zone: swmric.com Trusted Zone: musicmatch.com\online DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL Notify: avgrsstarter - avgrsstx.dll Notify: igfxcui - igfxdev.dll AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\kay\applic~1\mozilla\firefox\profiles\7d2zt7kl.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=RGxdm029YTUS&fl=0&ptb=AByCYudGNTwsE8WQc7Lcrw&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=kwd&n=77ce7d01&searchfor= FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll ============= SERVICES / DRIVERS =============== R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1201000.025\SymDS.sys [2010-11-19 339504] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys [2010-11-19 666672] R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\bashdefs\20101123.003\BHDrvx86.sys [2010-11-22 691248] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys [2010-11-19 134704] R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328] R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\18.1.0.37\ccSvcHst.exe [2010-11-19 126904] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-26 24652] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-12-1 102448] R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\ipsdefs\20101215.001\IDSXpx86.sys [2010-12-16 341944] R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101218.003\NAVENG.SYS [2010-12-18 86008] R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\definitions\virusdefs\20101218.003\NAVEX15.SYS [2010-12-18 1360760] S2 gupdate1ca3b7a551c263c;Google Update Service (gupdate1ca3b7a551c263c);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?] =============== Created Last 30 ================ 2010-12-18 21:00:41 -------- d-----w- C:\_OTM 2010-12-16 05:34:45 -------- d-----w- c:\docume~1\kay\applic~1\SUPERAntiSpyware.com 2010-12-15 05:40:02 -------- d-----w- c:\docume~1\kay\applic~1\Malwarebytes 2010-12-15 05:39:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-15 05:39:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-12-15 05:39:48 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-15 05:39:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-11-19 15:40:44 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL 2010-11-19 15:40:44 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS 2010-11-19 15:40:43 -------- d-----w- c:\program files\Symantec 2010-11-19 15:40:43 -------- d-----w- c:\program files\common files\Symantec Shared 2010-11-19 15:40:01 369072 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdi.sys 2010-11-19 15:40:01 331312 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symtdiv.sys 2010-11-19 15:40:01 294448 ----a-r- c:\windows\system32\drivers\nav\1201000.025\symnets.sys 2010-11-19 15:40:00 666672 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymEFA.sys 2010-11-19 15:40:00 50096 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtspx.sys 2010-11-19 15:40:00 489008 ----a-r- c:\windows\system32\drivers\nav\1201000.025\srtsp.sys 2010-11-19 15:40:00 339504 ----a-r- c:\windows\system32\drivers\nav\1201000.025\SymDS.sys 2010-11-19 15:40:00 134704 ----a-r- c:\windows\system32\drivers\nav\1201000.025\Ironx86.sys 2010-11-19 15:39:32 -------- d-----w- c:\windows\system32\drivers\nav\1201000.025 2010-11-19 15:39:32 -------- d-----w- c:\windows\system32\drivers\NAV 2010-11-19 15:39:28 -------- d-----w- c:\program files\Norton AntiVirus 2010-11-19 15:39:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Norton 2010-11-19 15:39:19 -------- d-----w- c:\program files\NortonInstaller 2010-11-19 15:39:19 -------- d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller 2010-11-19 14:10:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\Qwest ==================== Find3M ==================== 2010-10-27 20:30:50 5852 --sha-w- c:\windows\system32\KGyGaAvL.sys 2010-10-27 20:30:42 88 --sh--r- c:\windows\system3260B227EF3.sys ============= FINISH: 18:53:56.85 =============== Here is Attach.txt (has been zipped and attached)