
Topic: computer randomly freezing

  1. #1
    Beginner
    Registered since
    04.02.2010
    Posts
    25

    computer randomly freezing

    Anything look unusual? Thanks for your help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:24:23 PM, on 2/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\AOL 9.5\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\AOL 9.5\shellmon.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1233982324437
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 6636 bytes

  2. #2
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.626

    Re: computer randomly freezing

    Welcome to HijackThis.de warmsummer,

    A warm summer with a computer that is frozen, yes?

    The only thing amiss in this one view is the obvious lack of security software. Did you uninstall your antivirus software at some recent point? Let's check in more detail here, and see if we spot what the problem is.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


    Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

    If necessary allow it to locate or download a copy of HijackThis as needed.

    Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

    RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

    You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

    --------------

    Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


    Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

    When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
    Live the day!

    Jintan - The brand where everything is just right!

  3. #3
    Beginner
    Registered since
    04.02.2010
    Posts
    25

    Re: computer randomly freezing

    Thank you very much for your help. Here are the text logs. I believe it started freezing on 1/29/10.



    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Jason at 2010-02-04 19:11:03
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 39 GB (63%) free of 62 GB
    Total RAM: 2047 MB (76% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:11:10 PM, on 2/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16981)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AOL 9.5\waol.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\AOL 9.5\shellmon.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\Jason\Local Settings\Temporary Internet Files\Content.IE5\HX3UW0OV\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\Jason.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.5\AOL.EXE" -b
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirements...qlabdetect.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa.gov/assessor/gis...n/mgaxctrl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1233982324437
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    --
    End of file - 5819 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-02-08 320920]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
    Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-08 34816]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-08 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
    SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
    "SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-06-15 1826816]
    "HostManager"=C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe [2009-07-20 41264]
    "nwiz"=nwiz.exe /installquiet []
    "NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-01-11 13666408]
    "NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-01-11 110696]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
    "AOL Fast Start"=C:\Program Files\AOL 9.5\AOL.EXE [2009-10-28 50536]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Common Files\aol\acs\AOLDial.exe"="C:\Program Files\Common Files\aol\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer"
    "C:\Program Files\Common Files\aol\acs\AOLacsd.exe"="C:\Program Files\Common Files\aol\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service"
    "C:\Program Files\Common Files\aol\1234126830\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1234126830\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
    "C:\Program Files\AOL 9.1\waol.exe"="C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL"
    "C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe"="C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed"
    "C:\Program Files\Common Files\aol\Loader\aolload.exe"="C:\Program Files\Common Files\aol\Loader\aolload.exe:*:Enabled:AOL Loader"
    "C:\Program Files\Common Files\aol\System Information\sinf.exe"="C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information"
    "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
    "C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
    "C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
    "C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
    "C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
    "C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
    "C:\Program Files\Common Files\aol\1264885384\ee\aolsoftware.exe"="C:\Program Files\Common Files\aol\1264885384\ee\aolsoftware.exe:*:Enabled:AOL Shared Components"
    "C:\Program Files\AOL 9.5\waol.exe"="C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component"
    "C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57e22094-0b44-11de-9391-001fd0db78a3}]
    shell\AutoRun\command - F:\wd_windows_tools\setup.exe


    ======List of files/folders created in the last 1 months======

    2010-02-04 19:11:03 ----D---- C:\rsit
    2010-02-04 17:29:00 ----D---- C:\Program Files\VideoLAN
    2010-02-02 21:05:43 ----D---- C:\Program Files\Eusing Free Registry Cleaner
    2010-02-02 17:23:48 ----D---- C:\Program Files\Trend Micro
    2010-02-01 21:09:05 ----A---- C:\WINDOWS\system32\nvunrm.exe
    2010-02-01 20:42:04 ----D---- C:\Documents and Settings\Jason\Application Data\Uniblue
    2010-02-01 20:42:04 ----D---- C:\Documents and Settings\All Users\Application Data\DriverScanner
    2010-01-31 16:27:24 ----D---- C:\Program Files\Spybot - Search & Destroy
    2010-01-31 16:27:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-31 16:13:16 ----D---- C:\Program Files\CleanUp!
    2010-01-31 13:03:11 ----A---- C:\WINDOWS\system32\ieencode.dll
    2010-01-30 20:17:17 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
    2010-01-30 20:17:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
    2010-01-30 20:17:17 ----A---- C:\WINDOWS\system32\ff_vfw.dll
    2010-01-30 20:17:16 ----D---- C:\Program Files\ffdshow
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\vxblock.dll
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxsfs.dll
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxinsa64.exe
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxhpinst.exe
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxdrv.dll
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxcpya64.exe
    2010-01-30 20:16:13 -------- C:\WINDOWS\system32\pxafs.dll
    2010-01-30 20:16:12 -------- C:\WINDOWS\system32\pxwave.dll
    2010-01-30 20:16:12 -------- C:\WINDOWS\system32\pxmas.dll
    2010-01-30 20:16:12 -------- C:\WINDOWS\system32\px.dll
    2010-01-30 17:22:20 ----A---- C:\WINDOWS\system32\nvconrm.dll
    2010-01-30 17:22:20 ----A---- C:\WINDOWS\system32\fdco1.dll
    2010-01-30 17:22:20 ----A---- C:\WINDOWS\system32\bdco1.dll
    2010-01-30 16:57:53 ----D---- C:\Documents and Settings\Jason\Application Data\Windows Search
    2010-01-30 16:14:45 ----D---- C:\Config.Msi
    2010-01-30 15:53:18 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
    2010-01-30 15:53:01 ----D---- C:\WINDOWS\system32\GroupPolicy
    2010-01-30 15:53:01 ----D---- C:\Program Files\Windows Desktop Search
    2010-01-30 14:03:03 ----D---- C:\Program Files\AOL
    2010-01-30 14:02:58 ----D---- C:\Program Files\Common Files\aolshare
    2010-01-30 14:02:58 ----D---- C:\Program Files\Common Files\aol
    2010-01-30 14:02:58 ----D---- C:\Program Files\AOL 9.5
    2010-01-30 13:55:46 ----A---- C:\WINDOWS\msoffice.ini
    2010-01-30 12:54:59 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
    2010-01-30 12:54:55 ----D---- C:\Program Files\NVIDIA Corporation
    2010-01-30 12:54:16 ----A---- C:\WINDOWS\system32\OpenCL.dll
    2010-01-30 12:54:16 ----A---- C:\WINDOWS\system32\nvcuvid.dll
    2010-01-30 12:54:16 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
    2010-01-30 12:54:15 ----A---- C:\WINDOWS\system32\nvcompiler.dll
    2010-01-29 18:24:45 ----D---- C:\Program Files\AVG
    2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvsvc32.exe
    2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmctray.dll
    2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvmccs.dll
    2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcpl.dll
    2010-01-11 22:17:44 ----A---- C:\WINDOWS\system32\nvcolor.exe
    2010-01-11 22:17:40 ----A---- C:\WINDOWS\system32\nvwddi.dll
    2010-01-09 21:30:16 ----D---- C:\Program Files\Rosetta Stone
    2010-01-09 21:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\Rosetta Stone

    ======List of files/folders modified in the last 1 months======

    2010-02-04 19:11:09 ----D---- C:\Documents and Settings\Jason\Application Data\uTorrent
    2010-02-04 19:10:57 ----D---- C:\WINDOWS\Prefetch
    2010-02-04 19:00:04 ----D---- C:\WINDOWS\Temp
    2010-02-04 18:58:25 ----A---- C:\WINDOWS\win.ini
    2010-02-04 18:58:21 ----D---- C:\WINDOWS\system32\CatRoot2
    2010-02-04 18:57:55 ----D---- C:\WINDOWS\system32\LogFiles
    2010-02-04 18:57:55 ----D---- C:\WINDOWS
    2010-02-04 17:29:00 ----D---- C:\Program Files
    2010-02-04 17:16:02 ----N---- C:\WINDOWS\SchedLgU.Txt
    2010-02-04 06:07:16 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
    2010-02-04 06:07:11 ----SD---- C:\WINDOWS\Downloaded Program Files
    2010-02-03 19:25:25 ----D---- C:\Program Files\Mozilla Firefox
    2010-02-03 18:53:47 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
    2010-02-03 18:09:18 ----HD---- C:\WINDOWS\inf
    2010-02-02 21:33:50 ----D---- C:\WINDOWS\system32
    2010-02-02 21:33:50 ----D---- C:\Program Files\Internet Explorer
    2010-02-02 21:29:15 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2010-02-02 21:29:14 ----D---- C:\WINDOWS\system32\en-US
    2010-02-02 21:28:47 ----HD---- C:\WINDOWS\$hf_mig$
    2010-02-02 20:17:38 ----D---- C:\WINDOWS\Media
    2010-02-02 20:17:38 ----D---- C:\WINDOWS\Help
    2010-02-02 20:16:24 ----D---- C:\WINDOWS\ie8updates
    2010-02-02 19:08:24 ----D---- C:\WINDOWS\system32\wbem
    2010-02-01 21:09:14 ----D---- C:\WINDOWS\system32\drivers
    2010-02-01 21:09:06 ----D---- C:\WINDOWS\system32\CatRoot
    2010-02-01 20:45:43 ----SHD---- C:\WINDOWS\Installer
    2010-02-01 20:42:11 ----D---- C:\WINDOWS\system32\config
    2010-02-01 20:36:48 ----D---- C:\Program Files\SpeedFan
    2010-02-01 06:07:41 ----D---- C:\Documents and Settings\All Users\Application Data\Google
    2010-01-31 21:15:52 ----SD---- C:\WINDOWS\Tasks
    2010-01-31 14:27:53 ----D---- C:\WINDOWS\Debug
    2010-01-31 12:32:11 ----D---- C:\WINDOWS\Network Diagnostic
    2010-01-31 08:43:51 ----D---- C:\WINDOWS\pss
    2010-01-30 17:29:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2010-01-30 16:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\AOL
    2010-01-30 16:57:39 ----D---- C:\Program Files\Common Files
    2010-01-30 16:57:32 ----D---- C:\Documents and Settings\All Users\Application Data\AOL Downloads
    2010-01-30 16:51:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
    2010-01-30 16:45:37 ----D---- C:\Documents and Settings\Jason\Application Data\GetRightToGo
    2010-01-30 16:13:40 ----D---- C:\WINDOWS\system32\Restore
    2010-01-30 15:53:20 ----D---- C:\WINDOWS\security
    2010-01-30 15:53:19 ----SD---- C:\Documents and Settings\Jason\Application Data\Microsoft
    2010-01-30 15:53:07 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
    2010-01-30 14:00:42 ----D---- C:\Documents and Settings\Jason\Application Data\Mozilla
    2010-01-30 13:57:07 ----D---- C:\WINDOWS\WinSxS
    2010-01-30 13:56:02 ----D---- C:\Documents and Settings\Jason\Application Data\AOL
    2010-01-30 12:55:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2010-01-30 12:55:26 ----D---- C:\Program Files\AGEIA Technologies
    2010-01-30 12:54:59 ----D---- C:\WINDOWS\nview
    2010-01-30 12:54:13 ----D---- C:\NVIDIA
    2010-01-29 18:24:40 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2010-01-28 20:33:57 ----D---- C:\WINDOWS\twain_32
    2010-01-28 06:42:34 ----D---- C:\Documents and Settings
    2010-01-24 08:30:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2010-01-13 17:58:04 ----D---- C:\WINDOWS\AppPatch
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvudisp.exe
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvoglnt.dll
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvcuda.dll
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvcodins.dll
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvcod.dll
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nvapi.dll
    2010-01-11 21:03:33 ----A---- C:\WINDOWS\system32\nv4_disp.dll
    2010-01-05 03:00:29 ----A---- C:\WINDOWS\system32\wininet.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\webcheck.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\urlmon.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\url.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\pngfilt.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\occache.dll
    2010-01-05 03:00:28 ----A---- C:\WINDOWS\system32\mstime.dll
    2010-01-05 03:00:27 ----A---- C:\WINDOWS\system32\msrating.dll
    2010-01-05 03:00:27 ----A---- C:\WINDOWS\system32\mshtmled.dll
    2010-01-05 03:00:26 ----A---- C:\WINDOWS\system32\mshtml.dll
    2010-01-05 03:00:25 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
    2010-01-05 03:00:24 ----A---- C:\WINDOWS\system32\msfeeds.dll
    2010-01-05 03:00:24 ----A---- C:\WINDOWS\system32\jsproxy.dll
    2010-01-05 03:00:24 ----A---- C:\WINDOWS\system32\iertutil.dll
    2010-01-05 03:00:24 ----A---- C:\WINDOWS\system32\iernonce.dll
    2010-01-05 03:00:24 ----A---- C:\WINDOWS\system32\iepeers.dll
    2010-01-05 03:00:23 ----A---- C:\WINDOWS\system32\ieframe.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\iedkcs32.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\ieapfltr.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\ieaksie.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\ieakeng.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\icardie.dll
    2010-01-05 03:00:21 ----A---- C:\WINDOWS\system32\dxtrans.dll
    2010-01-05 03:00:21 -------- C:\WINDOWS\system32\extmgr.dll
    2010-01-05 03:00:20 ----A---- C:\WINDOWS\system32\dxtmsft.dll
    2010-01-05 03:00:20 ----A---- C:\WINDOWS\system32\corpol.dll
    2010-01-05 03:00:20 ----A---- C:\WINDOWS\system32\advpack.dll

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdPPM;AMD HwPState Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
    R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
    R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-01-11 10276768]
    R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
    R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
    R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
    S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
    S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
    S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Brother XP spl Service;BrSplService; C:\WINDOWS\system32\brsvc01a.exe [2001-11-23 57344]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-08 152984]
    R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-01-11 154216]
    R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-02-14 66872]
    R3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
    S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-06 651720]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

    -----------------EOF-----------------


    info.txt logfile of random's system information tool 1.06 2010-02-04 19:11:11

    ======Uninstall list======

    -->C:\WINDOWS\UNINST.EXE -f"C:\Program Files\PhotoDeluxe HE 3.0\DeIsL1.isu" -c"C:\Program Files\PhotoDeluxe HE 3.0\Uninst.dll"
    -->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
    Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 9.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
    Battlefield 1942-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}\setup.exe" -l0x9
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
    CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
    DCXtended .9-->C:\Program Files\EA GAMES\Battlefield 1942\Mods\DC_Extended\uninstall.exe
    Defraggler-->"C:\Program Files\Defraggler\uninst.exe"
    DesertCombat 0.7-->C:\WINDOWS\iun6002.exe "C:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
    DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
    DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
    DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
    Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
    ffdshow [rev 1523] [2007-10-09]-->"C:\Program Files\ffdshow\unins000.exe"
    Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
    Garmin WebUpdater-->MsiExec.exe /X{E0783143-EAE2-4047-A8D6-E155523C594C}
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
    Iron Woody Super Gripper Suite 2.2-->"C:\Program Files\Iron Woody Fitness\unins000.exe"
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft VC9 runtime libraries-->MsiExec.exe /I{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
    Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
    NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
    NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
    PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
    QuickLOAD-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\QuickLOAD\ST5UNST.LOG"
    Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.EXE" -l0x9 -removeonly
    Rosetta Stone V3-->MsiExec.exe /X{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
    System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
    Uninstall AOL Emergency Connect Utility 1.0-->C:\Program Files\Common Files\AOL\ECU\uninst.exe
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
    Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
    VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Who Dares Wins 0.23 client-->C:\Program Files\EA GAMES\Battlefield 1942\Mods\WhoDaresWins\Uninstal.exe
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_09F3E629557EBE4D2BA1A9469BDAE635AC0807AE\grmnusb.inf
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

    =====HijackThis Backups=====

    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-02-02]
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2010-02-03]
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file) [2010-02-03]
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2010-02-03]

    ======Hosts File======

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com

    ======System event log======

    Computer Name: DEN
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 33050
    Source Name: Tcpip
    Time Written: 20100127173523.000000-420
    Event Type: warning
    User:

    Computer Name: DEN
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 33042
    Source Name: W32Time
    Time Written: 20100127065234.000000-420
    Event Type: warning
    User:

    Computer Name: DEN
    Event Code: 4226
    Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

    Record Number: 33012
    Source Name: Tcpip
    Time Written: 20100126181106.000000-420
    Event Type: warning
    User:

    Computer Name: DEN
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 32808
    Source Name: W32Time
    Time Written: 20100124034802.000000-420
    Event Type: warning
    User:

    Computer Name: DEN
    Event Code: 36
    Message: The time service has not been able to synchronize the system time
    for 49152 seconds because none of the time providers has been able to
    provide a usable time stamp. The system clock is unsynchronized.

    Record Number: 32735
    Source Name: W32Time
    Time Written: 20100123071612.000000-420
    Event Type: warning
    User:

    =====Application event log=====

    Computer Name: DEN
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module embd3260.dll, version 6.0.13.68, fault address 0x0002f11d.

    Record Number: 1356
    Source Name: Application Error
    Time Written: 20090821100443.000000-420
    Event Type: error
    User:

    Computer Name: DEN
    Event Code: 11706
    Message: Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP.

    Record Number: 1206
    Source Name: MsiInstaller
    Time Written: 20090801094219.000000-420
    Event Type: error
    User: DEN\Jason

    Computer Name: DEN
    Event Code: 1001
    Message: Detection of product '{90280409-6000-11D3-8CFE-0050048383C9}', feature 'TCWP5Files' failed during request for component '{CC29EC7F-7BC2-11D1-A921-00A0C91E2AA2}'

    Record Number: 1205
    Source Name: MsiInstaller
    Time Written: 20090801094208.000000-420
    Event Type: warning
    User: DEN\Jason

    Computer Name: DEN
    Event Code: 20
    Message:
    Record Number: 1177
    Source Name: Google Update
    Time Written: 20090728193207.000000-420
    Event Type: error
    User: NT AUTHORITY\SYSTEM

    Computer Name: DEN
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 1108
    Source Name: Application Hang
    Time Written: 20090719214534.000000-420
    Event Type: error
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=6b02
    "NUMBER_OF_PROCESSORS"=2
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP

    -----------------EOF-----------------

  4. #4
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.626

    Re: AW: computer randomly freezing

    Nothing malicious or amiss in those views, and no error log info that might suggest a culprit to check further. You did not post the Gmer log, so please run and post that for review.
    Live the day!

    Jintan - the brand where everything is right!

  5. #5
    Beginner
    Registered since
    04.02.2010
    Posts
    25

    AW: computer randomly freezing

    Here is the Gmer log. Again, many thanks for your help.

    Once I get this problem sorted out I need to install an antivirus program to prevent this from happening again. I have used Norton in the past but not been happy with its performance. What would you recommend?

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-02-06 07:53:22
    Windows 5.1.2600 Service Pack 3
    Running: 0g0l7bgl.exe; Driver: C:\DOCUME~1\Jason\LOCALS~1\Temp\pxtdapow.sys


    ---- System - GMER 1.0.15 ----

    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7287380, 0x550AF5, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\Explorer.EXE[188] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FB28F5
    .text C:\WINDOWS\Explorer.EXE[188] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FB2781
    .text C:\WINDOWS\Explorer.EXE[188] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00FB2873
    .text C:\WINDOWS\Explorer.EXE[188] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FB27B9
    .text C:\WINDOWS\Explorer.EXE[188] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00FB27F1
    .text C:\WINDOWS\system32\nvsvc32.exe[1004] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 013628F5
    .text C:\WINDOWS\system32\nvsvc32.exe[1004] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01362781
    .text C:\WINDOWS\system32\nvsvc32.exe[1004] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01362873
    .text C:\WINDOWS\system32\nvsvc32.exe[1004] WS2_32.dll!recv 71AB676F 5 Bytes JMP 013627B9
    .text C:\WINDOWS\system32\nvsvc32.exe[1004] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 013627F1
    .text C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 022C28F5
    .text C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] WS2_32.dll!send 71AB4C27 5 Bytes JMP 022C2781
    .text C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 022C2873
    .text C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] WS2_32.dll!recv 71AB676F 5 Bytes JMP 022C27B9
    .text C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 022C27F1
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C628F5
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1560] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C62781
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1560] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C62873
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1560] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C627B9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1560] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C627F1
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E728F5
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E72781
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E72873
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E727B9
    .text C:\WINDOWS\system32\RUNDLL32.EXE[1696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E727F1
    .text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017D28F5
    .text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017D2781
    .text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017D2873
    .text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017D27B9
    .text C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017D27F1
    .text C:\Program Files\AOL 9.5\waol.exe[3168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 05AE28F5
    .text C:\Program Files\AOL 9.5\waol.exe[3168] WS2_32.dll!send 71AB4C27 5 Bytes JMP 05AE2781
    .text C:\Program Files\AOL 9.5\waol.exe[3168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 05AE2873
    .text C:\Program Files\AOL 9.5\waol.exe[3168] WS2_32.dll!recv 71AB676F 5 Bytes JMP 05AE27B9
    .text C:\Program Files\AOL 9.5\waol.exe[3168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 05AE27F1
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E128F5
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E12781
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E12873
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E127B9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3348] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E127F1
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3500] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012B28F5
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3500] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012B2781
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3500] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012B2873
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3500] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012B27B9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3500] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012B27F1
    .text C:\WINDOWS\System32\alg.exe[3656] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B928F5
    .text C:\WINDOWS\System32\alg.exe[3656] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B92781
    .text C:\WINDOWS\System32\alg.exe[3656] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B92873
    .text C:\WINDOWS\System32\alg.exe[3656] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B927B9
    .text C:\WINDOWS\System32\alg.exe[3656] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B927F1

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\1264885384\ee\AOLSoftware.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe[1716] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9DEB] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
    IAT C:\Program Files\AOL 9.5\waol.exe[3168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI \Device\00000042 891F4708
    Device \Driver\ACPI \Device\00000050 891F4708
    Device \Driver\ACPI \Device\00000053 891F4708
    Device \Driver\ACPI \Device\00000046 891F4708
    Device \Driver\ACPI \Device\00000054 891F4708
    Device \Driver\ACPI \Device\00000047 891F4708
    Device \Driver\ACPI \Device\00000055 891F4708
    Device \Driver\ACPI \Device\00000048 891F4708

    AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

    Device \Driver\ACPI \Device\00000056 891F4708
    Device \Driver\ACPI \Device\00000049 891F4708
    Device \Driver\ACPI \Device\00000057 891F4708
    Device \Driver\ACPI \Device\00000058 891F4708
    Device \Driver\ACPI \Device\0000003b 891F4708
    Device \Driver\ACPI \Device\0000003e 891F4708
    Device \Driver\ACPI \Device\0000005c 891F4708
    Device \Driver\ACPI \Device\0000005d 891F4708

    ---- EOF - GMER 1.0.15 ----

  6. #6
    Moderator, team member
    Registered since
    25.11.2006
    Posts
    4.626

    Re: Re: computer randomly freezing

    The log does show a pattern of something altering the Winsock net access process there, which is typical of some of the known rootkit variants. And some unusual and nameless devices as well. But no outright pointing to a malware source.


    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.

    Download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

    Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

    A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

    Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
    Live the day!

    Jintan - The brand where everything is right!

  7. #7
    Beginner
    Registered since
    04.02.2010
    Posts
    25

    Re: computer randomly freezing

    ComboFix 10-02-06.01 - Jason 02/06/2010 19:04:11.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1611 [GMT -7:00]
    Running from: c:\documents and settings\Jason\Desktop\456out.com
    .

    ((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
    .

    2010-02-06 21:42 . 2010-02-07 00:30 -------- d-----w- c:\documents and settings\Jason\Application Data\vlc
    2010-02-06 21:11 . 2010-02-06 21:23 -------- d-----w- c:\documents and settings\Jason\Application Data\Winamp
    2010-02-06 21:11 . 2010-02-06 21:12 -------- d-----w- c:\program files\Winamp
    2010-02-06 17:58 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
    2010-02-06 17:58 . 2010-02-06 21:04 -------- d-----w- c:\program files\AOL 9.5
    2010-02-06 17:58 . 2010-02-06 17:59 -------- d-----w- c:\program files\Common Files\aol
    2010-02-06 17:58 . 2010-02-06 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-02-06 17:58 . 2010-02-06 17:59 -------- d-----w- c:\program files\Common Files\aolshare
    2010-02-06 16:38 . 2010-02-06 16:38 -------- d-----w- c:\program files\VideoLAN
    2010-02-06 16:25 . 2010-02-06 17:59 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\AOL
    2010-02-06 15:52 . 2007-10-22 10:37 17928 ----a-w- c:\windows\system32\X3DAudio1_2.dll
    2010-02-06 15:51 . 2010-02-06 15:51 -------- d-----w- c:\windows\Logs
    2010-02-06 01:58 . 2010-02-06 01:58 -------- d-----w- c:\program files\Common Files\Java
    2010-02-06 01:58 . 2010-02-06 01:58 61440 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-643513c5-n\decora-sse.dll
    2010-02-06 01:58 . 2010-02-06 01:58 503808 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4486da3e-n\msvcp71.dll
    2010-02-06 01:58 . 2010-02-06 01:58 499712 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4486da3e-n\jmc.dll
    2010-02-06 01:58 . 2010-02-06 01:58 348160 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-4486da3e-n\msvcr71.dll
    2010-02-06 01:58 . 2010-02-06 01:58 12800 ----a-w- c:\documents and settings\Jason\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-643513c5-n\decora-d3d.dll
    2010-02-06 01:05 . 2010-02-06 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-02-05 02:11 . 2010-02-05 02:11 -------- d-----w- C:\rsit
    2010-02-03 04:05 . 2010-02-03 04:05 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2010-02-03 00:23 . 2010-02-03 00:23 -------- d-----w- c:\program files\Trend Micro
    2010-02-02 04:09 . 2006-11-07 06:58 356352 ----a-w- c:\windows\system32\nvunrm.exe
    2010-02-02 04:09 . 2006-10-24 05:13 1732 ----a-w- c:\windows\system32\drivers\nvphy.bin
    2010-02-02 03:42 . 2010-02-02 03:45 -------- d-----w- c:\documents and settings\Jason\Application Data\Uniblue
    2010-02-02 03:42 . 2010-02-02 03:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2010-01-31 23:27 . 2010-02-07 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-01-31 23:27 . 2010-01-31 23:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-31 23:26 . 2010-01-31 23:26 -------- d-----w- c:\documents and settings\HelpAssistant\log
    2010-01-31 23:18 . 2010-01-31 23:18 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
    2010-01-31 23:18 . 2010-01-31 23:18 -------- d-----w- c:\documents and settings\Jason\log
    2010-01-31 23:13 . 2010-01-31 23:13 -------- d-----w- c:\program files\CleanUp!
    2010-01-31 20:03 . 2010-01-05 10:00 78336 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2010-01-31 20:03 . 2010-01-05 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-01-31 03:17 . 2007-07-30 00:51 7680 ----a-w- c:\windows\system32\ff_vfw.dll
    2010-01-31 03:17 . 2007-04-25 00:30 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2010-01-31 03:17 . 2010-02-06 21:14 -------- d-----w- c:\program files\ffdshow
    2010-01-31 00:27 . 2010-01-31 00:27 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-31 00:22 . 2006-11-27 08:33 19968 ----a-w- c:\windows\system32\drivers\nvnetbus.sys
    2010-01-31 00:22 . 2006-11-27 08:33 58368 ----a-w- c:\windows\system32\drivers\NVENETFD.sys
    2010-01-31 00:22 . 2006-11-27 08:33 110592 ----a-w- c:\windows\system32\drivers\nvtcp.sys
    2010-01-31 00:22 . 2006-11-27 08:33 895744 ----a-w- c:\windows\system32\drivers\nvnrm.sys
    2010-01-31 00:22 . 2006-11-27 08:33 261632 ----a-w- c:\windows\system32\drivers\nvsnpu.sys
    2010-01-31 00:22 . 2006-11-27 08:31 192512 ----a-w- c:\windows\system32\fdco1.dll
    2010-01-31 00:22 . 2006-11-27 08:31 9216 ----a-w- c:\windows\system32\bdco1.dll
    2010-01-31 00:22 . 2006-11-07 06:58 35840 ----a-w- c:\windows\system32\nvconrm.dll
    2010-01-30 23:57 . 2010-01-30 23:57 -------- d-----w- c:\documents and settings\Jason\Application Data\Windows Search
    2010-01-30 22:53 . 2010-01-30 22:53 -------- d-----w- c:\documents and settings\Jason\Local Settings\Application Data\Identities
    2010-01-30 22:53 . 2010-01-30 22:53 -------- d-----w- c:\windows\system32\GroupPolicy
    2010-01-30 21:56 . 2010-01-30 21:56 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
    2010-01-30 21:01 . 2010-01-30 21:01 43732816 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol_single\4337.155.1.1\setup.exe
    2010-01-30 21:01 . 2010-01-30 21:01 42960 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol_single\4337.155.1.1\noneCodesignFilesBundle.exe
    2010-01-30 19:54 . 2010-01-30 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-01-30 19:54 . 2010-01-30 19:55 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-01-30 19:54 . 2010-01-12 04:03 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-01-30 19:54 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-01-30 19:54 . 2010-01-12 04:03 2259560 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-01-30 19:54 . 2010-01-12 04:03 11632640 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-01-30 19:54 . 2010-01-12 04:03 2283526 ----a-w- c:\windows\system32\nvdata.bin
    2010-01-30 01:24 . 2010-01-30 01:24 -------- d-----w- c:\program files\AVG
    2010-01-12 05:17 . 2010-01-12 05:17 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-01-12 05:17 . 2010-01-12 05:17 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-01-12 05:17 . 2010-01-12 05:17 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-01-12 05:17 . 2010-01-12 05:17 13666408 ----a-w- c:\windows\system32\nvcpl.dll
    2010-01-12 05:17 . 2010-01-12 05:17 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-01-12 05:17 . 2010-01-12 05:17 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-01-10 04:30 . 2010-01-10 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
    2010-01-10 04:30 . 2010-01-10 04:30 -------- d-----w- c:\program files\Rosetta Stone

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-06 17:59 . 2009-02-08 21:02 -------- d-----w- c:\documents and settings\Jason\Application Data\AOL
    2010-02-06 16:29 . 2009-02-07 23:08 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-02-06 15:33 . 2009-02-22 05:40 -------- d-----w- c:\program files\SpeedFan
    2010-02-06 03:57 . 2009-02-08 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2010-02-06 01:58 . 2009-02-08 20:45 -------- d-----w- c:\program files\Java
    2010-02-05 05:59 . 2009-02-09 00:24 -------- d-----w- c:\documents and settings\Jason\Application Data\uTorrent
    2010-02-04 17:01 . 2010-02-06 15:53 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
    2010-02-04 17:01 . 2010-02-06 15:53 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
    2010-02-04 17:01 . 2010-02-06 15:53 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
    2010-02-04 17:01 . 2010-02-06 15:53 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
    2010-02-04 01:53 . 2009-02-14 19:36 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-02-04 01:53 . 2009-02-14 19:36 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-01-30 23:57 . 2009-02-08 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
    2010-01-30 23:45 . 2009-10-30 22:49 -------- d-----w- c:\documents and settings\Jason\Application Data\GetRightToGo
    2010-01-30 19:55 . 2009-02-07 22:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-30 19:55 . 2009-02-07 22:35 -------- d-----w- c:\program files\AGEIA Technologies
    2010-01-24 15:30 . 2009-02-08 22:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-24 15:30 . 2009-02-12 03:21 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2010-01-12 04:03 . 2009-02-07 04:51 592488 ----a-w- c:\windows\system32\nvudisp.exe
    2010-01-12 04:03 . 2009-01-15 15:19 4104192 ----a-w- c:\windows\system32\nvcuda.dll
    2010-01-12 04:03 . 2006-10-31 06:35 6359168 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-01-12 04:03 . 2006-10-31 06:35 182888 ----a-w- c:\windows\system32\nvcodins.dll
    2010-01-12 04:03 . 2006-10-31 06:35 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-01-12 04:03 . 2006-10-31 06:35 14458880 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-01-12 04:03 . 2006-10-31 06:35 1081344 ----a-w- c:\windows\system32\nvapi.dll
    2010-01-12 04:03 . 2006-10-31 06:35 10276768 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-01-07 23:07 . 2009-02-08 22:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-07 23:07 . 2009-02-08 22:01 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-05 10:00 . 2008-04-14 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-01-05 10:00 . 2008-04-14 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-12-31 00:35 . 2009-12-31 00:35 -------- d-----w- c:\documents and settings\Jason\Application Data\VirtualStore
    2009-12-18 00:14 . 2009-02-08 20:45 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-20 04:42 . 2009-02-07 04:38 592488 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-11-11 01:49 . 2009-02-07 04:44 20336 ----a-w- c:\documents and settings\Jason\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AOL Fast Start"="c:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
    "SkyTel"="SkyTel.EXE" [2007-06-15 1826816]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "HostManager"="c:\program files\Common Files\AOL\1265479102\ee\AOLSoftware.exe" [2009-07-20 41264]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /r \??\G:\0autocheck autochk *

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
    2008-06-12 05:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
    2008-06-12 09:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-28 00:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
    "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"=
    "c:\\Program Files\\AOL 9.5\\waol.exe"=
    "c:\\Program Files\\Common Files\\aol\\1265479102\\ee\\aolsoftware.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "<NO NAME>"=
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "2479:TCP"= 2479:TCP:Services
    "3246:TCP"= 3246:TCP:Services
    "3389:TCP"= 3389:TCP:Remote Desktop
    "2426:TCP"= 2426:TCP:Services
    "8144:TCP"= 8144:TCP:Services
    "9004:TCP"= 9004:TCP:Services
    "5832:TCP"= 5832:TCP:Services
    "6425:TCP"= 6425:TCP:Services
    "5613:TCP"= 5613:TCP:Services
    "5941:TCP"= 5941:TCP:Services
    "9316:TCP"= 9316:TCP:Services
    "7879:TCP"= 7879:TCP:Services
    "2020:TCP"= 2020:TCP:Services
    "3458:TCP"= 3458:TCP:Services
    "5004:TCP"= 5004:TCP:Services
    "2847:TCP"= 2847:TCP:Services
    "6753:TCP"= 6753:TCP:Services
    "5191:TCP"= 5191:TCP:Services
    "6050:TCP"= 6050:TCP:Services
    "5550:TCP"= 5550:TCP:Services
    "1691:TCP"= 1691:TCP:Services
    "5113:TCP"= 5113:TCP:Services
    "8019:TCP"= 8019:TCP:Services
    "5082:TCP"= 5082:TCP:Services
    "5441:TCP"= 5441:TCP:Services
    "4910:TCP"= 4910:TCP:Services

    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Jason\Application Data\Mozilla\Firefox\Profiles\149bzoj5.default\
    FF - prefs.js: browser.startup.homepage -
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-nwiz - nwiz.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-06 19:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x890A66D0]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
    \Driver\ACPI -> 0x890a66d0
    \Driver\atapi -> atapi.sys @ 0xb7f37852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x888af330
    PacketIndicateHandler -> NDIS.sys @ 0xb7e36a21
    SendHandler -> NDIS.sys @ 0xb7e1487b
    Warning: possible MBR rootkit infection !
    copy of MBR has been found in sector 0x012A14C00
    malicious code @ sector 0x012A14C03 !
    PE file found in sector at 0x012A14C19 !
    MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2744)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-02-06 19:07:34
    ComboFix-quarantined-files.txt 2010-02-07 02:07

    Pre-Run: 40,267,591,680 bytes free
    Post-Run: 40,245,297,152 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 31B1EDA9C520436EC1407E99B11126C2

  8. #8
    Moderator team member
    Registered since
    25.11.2006
    Posts
    4.626

    Re: Re: computer randomly freezing

    The log shows an MBR (Master Boot Record) infection there, which adds a little complexity to the repairs. To avoid making the wrong changes what is the make and model on this computer please?
    Live the day!

    Jintan - the brand where everything is right!
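The MBR detector section of the log above can be triaged mechanically. The following is an added example, not part of the thread or of any tool named in it: `triage`, `SAMPLE` and the regexes are hypothetical names, the sample is an excerpt of the log posted above, and treating a hook target with no owning module as the line to look at first is an assumption, not the detector's documented logic.

```python
import re

# Excerpt of the MBR detector section of the log posted above (not new data).
SAMPLE = r"""called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x890A66D0]<<
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb80ecf28
\Driver\ACPI -> 0x890a66d0
\Driver\atapi -> atapi.sys @ 0xb7f37852
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> 0x888af330
PacketIndicateHandler -> NDIS.sys @ 0xb7e36a21
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x012A14C00
malicious code @ sector 0x012A14C03 !
PE file found in sector at 0x012A14C19 !
"""

HEX = r"0x[0-9A-Fa-f]+"
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(" + HEX + r")\]<<")
# "<object> -> <module> @ <addr>" or, with no owning module, "<object> -> <addr>"
HOOK_RE = re.compile(r"^(?P<name>.+?) -> (?:(?P<module>\S+) @ )?(?P<addr>" + HEX + r")$")
SECTOR_RE = re.compile(r"sector (?:at )?(" + HEX + r")")


def triage(log_text):
    """Summarise the detector output: hooks with no owning module, whether their
    target also appears as an UNKNOWN module in the call chain, flagged sectors."""
    unknown, hooks, sectors, warned = set(), [], [], False
    for raw in log_text.splitlines():
        line = raw.strip()  # the forum paste indents every line
        if line.startswith("called modules:"):
            unknown |= {int(a, 16) for a in UNKNOWN_RE.findall(line)}
            continue
        hook = HOOK_RE.match(line)
        if hook:
            if hook.group("module") is None:  # assumption: unattributed target
                hooks.append((hook.group("name"), int(hook.group("addr"), 16)))
            continue
        sectors += [int(s, 16) for s in SECTOR_RE.findall(line)]
        warned = warned or "rootkit infection" in line
    return {
        "unattributed_hooks": hooks,
        "in_call_chain": [name for name, addr in hooks if addr in unknown],
        "flagged_sectors": sectors,
        "tool_warning": warned,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

On this log the `\Driver\ACPI` hook target is the same address as the `>>UNKNOWN<<` entry in the called-modules chain, which ties the unattributed hook to the disk read path the detector traced.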

  9. #9
    Beginner
    Registered since
    04.02.2010
    Posts
    25

    Re: computer randomly freezing

    Thanks again for helping to sort this out.

    Gigabyte Motherboard GA-M61PME
    AMD Athlon 64x2 Dual Core Processor 4800+ 2.51 GHz
    2.00 GB of RAM
    NVIDIA GeForce 9500 GT
    Windows XP Home Edition SP 3

  10. #10
    Moderator team member
    Registered since
    25.11.2006
    Posts
    4.626

    Re: Re: computer randomly freezing

    This is not a factory built then? Let's run a specific repair scan for now, then assess after.

    Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file directly on your desktop.


    Code:
    @ECHO OFF
    START /WAIT TDSSKILLER.exe -l Logit.txt -v
    START Logit.txt

    Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the Code box above and paste it into the open Notepad textbox.

    Save this to your desktop as "tdsskill.bat"

    Be sure to include the "" quotes in the name. You should now have both the TDSSKILLER.exe file and that tdsskill.bat on your desktop.

    Then click tdsskill.bat to start the scan. A command window will open, and when the scan completes a log file will open. Copy/paste those contents back here please (the log will also be saved to your desktop as logit.txt).

    However, if the scan prompts for a reboot be sure to do that.

    ------------------

    Then run a new ComboFix scan, and post that log and the logit.txt log please.
    Live the day!

    Jintan - the brand where everything is right!
