
Author Topic: Virus help before I strangle teenager :)  (Read 18611 times)


mtwheezer

    Topic Starter


    Rookie

    Virus help before I strangle teenager :)
    « on: May 12, 2010, 06:54:21 PM »
    Hi, I gave my old laptop to my 16 yo son who promptly managed to get it infected. The hijacked homepage issue seems to have been resolved after running the requested utilities. The myriad pop-ups seem to have stopped also. But Avast has caught another virus while typing this. I'd like to make sure everything is actually gone before I give the machine back to him. I am also including the log from Avast if that will help.
    I am sending this from my laptop since I tried to post it from his, and it wouldn't post.

    Computer with problem is an HP Pavilion DV8000, running XP sp 3.

    Thanks for your help.

    Sorry, attached logs by mistake. Here they are:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 05/12/2010 at 02:06 PM

    Application Version : 4.37.1000

    Core Rules Database Version : 4924
    Trace Rules Database Version: 2736

    Scan type       : Complete Scan
    Total Scan Time : 00:33:44

    Memory items scanned      : 503
    Memory threats detected   : 0
    Registry items scanned    : 4342
    Registry threats detected : 1
    File items scanned        : 27488
    File threats detected     : 30

    System.BrokenFileAssociation
       HKCR\.exe

    Trojan.Agent/Gen-Rogue[AV]
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AV.EXE
       C:\WINDOWS\Prefetch\AV.EXE-09240382.pf

    Trojan.Agent/Gen-RogueAV
       C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
       C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE
       C:\WINDOWS\Prefetch\AVE.EXE-02B79D90.pf
       C:\WINDOWS\Prefetch\AVE.EXE-08633F36.pf

    Adware.Tracking Cookie

    ************************************************************************************

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4094

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    5/12/2010 2:33:09 PM
    mbam-log-2010-05-12 (14-33-09).txt

    Scan type: Quick scan
    Objects scanned: 113200
    Time elapsed: 7 minute(s), 27 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 6
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\NetworkService\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ***************************************************************************************
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:46:14 PM, on 5/12/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\HPQ\shared\hpqwmi.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HiJackThis\sniper.exe.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1268096363527
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\OAcat.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 6827 bytes
    ********************************
    Avast found, put in chest


    5/12/2010   1:38:01 PM   1273689481   SYSTEM   1688   Sign of "Win32:MalOb-AL [Cryp]" has been found in "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AV.EXE" file. 
    5/12/2010   1:38:34 PM   1273689514   SYSTEM   1688   Sign of "Win32:MalOb-AL [Cryp]" has been found in "C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE" file. 
    5/12/2010   1:39:31 PM   1273689571   SYSTEM   1688   Sign of "Win32:MalOb-AL [Cryp]" has been found in "C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\AVE.EXE" file. 

    This is what popped up while I was writing you all:
    C:\Documents and Settings\NetworkService\Local Settings\Tempo
    JS:FakeAV-EJ [trj]
    Trojan Horse
    100512-1, 05/12/2010

    "was in use by another process" Had Firefox open. Closed Firefox, same issue.
    "No action" was the only thing that worked.


    Dr Jay

    • Malware Removal Specialist


    • Specialist
    • Moderator emeritus
    • Thanked: 119
    • Experience: Guru
    • OS: Windows 10
    Re: Virus help before I strangle teenager :)
    « Reply #1 on: May 13, 2010, 12:36:54 AM »
    Please visit this webpage for a tutorial on downloading and running ComboFix:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    See the area: Using ComboFix, and when done, post the log back here.
    ~Dr Jay

    mtwheezer


      Re: Virus help before I strangle teenager :)
      « Reply #2 on: May 13, 2010, 08:26:51 AM »
      Good morning and thanks. Here is the Combofix log.
      There was an error message on the screen when the log popped up. This is the text from it:

      debug assertation failed
      c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
      File: c:\programfiles\microsoft visual studio.net 2003\vc7\atlmfc\include\atlfile.h
      line 188

      Expression: m_h !=0
      abort? retry? fail?  I chose retry and the message that popped up was LightScribe encountered a problem and had to shut down.


      Also, Avast caught two more viruses last night. I just had the machine on, it was connected to the internet, with Firefox open. No one was actively using it at the time. I hadn't shut it down from trying to post from it earlier.

      ComboFix 10-05-12.04 - Administrator 05/13/2010   9:08.1.1 - x86
      Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.766.461 [GMT -5:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      AV: avast! antivirus 4.8.1368 [VPS 100513-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
      .

      (((((((((((((((((((((((((   Files Created from 2010-04-13 to 2010-05-13  )))))))))))))))))))))))))))))))
      .

      2010-05-13 13:55 . 2010-05-13 13:55   --------   d-----w-   c:\windows\LastGood
      2010-05-12 19:44 . 2010-05-12 19:44   388096   ----a-r-   c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
      2010-05-12 19:44 . 2010-05-12 19:44   --------   d-----w-   c:\program files\Trend Micro
      2010-05-12 19:40 . 2010-05-12 19:40   61440   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a86e9cd-n\decora-sse.dll
      2010-05-12 19:40 . 2010-05-12 19:40   12800   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a86e9cd-n\decora-d3d.dll
      2010-05-12 19:40 . 2010-05-12 19:40   503808   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\msvcp71.dll
      2010-05-12 19:40 . 2010-05-12 19:40   499712   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\jmc.dll
      2010-05-12 19:40 . 2010-05-12 19:40   348160   ----a-w-   c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32a9d2ef-n\msvcr71.dll
      2010-05-12 19:39 . 2010-05-12 19:39   411368   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-05-12 19:24 . 2010-05-12 19:24   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Malwarebytes
      2010-05-12 19:24 . 2010-04-29 20:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
      2010-05-12 19:24 . 2010-05-12 19:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
      2010-05-12 19:24 . 2010-05-12 19:24   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
      2010-05-12 19:24 . 2010-04-29 20:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2010-05-12 18:28 . 2010-05-12 18:28   63488   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
      2010-05-12 18:28 . 2010-05-12 18:28   52224   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
      2010-05-12 18:28 . 2010-05-12 18:28   117760   ----a-w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
      2010-05-12 18:27 . 2010-05-12 18:27   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
      2010-05-12 18:26 . 2010-05-12 18:26   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-05-12 18:26 . 2010-05-12 18:26   --------   d-----w-   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
      2010-05-12 18:26 . 2010-05-12 18:26   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-05-13 01:08 . 2010-03-09 00:08   36352   ----a-w-   c:\windows\system32\drivers\AmdK8.sys
      2010-05-12 19:41 . 2010-03-09 00:42   --------   d-----w-   c:\program files\Java
      2010-05-12 18:22 . 2010-03-10 13:59   --------   d-----w-   c:\program files\CCleaner
      2010-05-12 18:19 . 2010-04-11 00:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
      2010-04-11 00:37 . 2010-04-11 00:37   --------   d-----w-   c:\documents and settings\Administrator\Application Data\OnlineArmor
      2010-04-11 00:36 . 2010-04-11 00:36   --------   d-----w-   c:\program files\Tall Emu
      2010-04-11 00:24 . 2010-03-24 22:59   --------   d-----w-   c:\documents and settings\All Users\Application Data\DivX
      2010-04-11 00:23 . 2010-03-24 23:01   --------   d-----w-   c:\program files\DivX
      2010-04-10 18:11 . 2010-04-10 18:11   25552   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2010-04-10 18:00 . 2010-04-10 18:00   --------   d-----w-   c:\program files\Common Files\Adobe
      2010-04-07 20:43 . 2010-04-07 20:43   136   ----a-w-   c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
      2010-03-22 16:36 . 2010-03-24 23:03   986904   ----a-w-   c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
      2010-03-13 10:39 . 2010-04-11 00:36   24440   ----a-w-   c:\windows\system32\drivers\OAmon.sys
      2010-03-13 10:38 . 2010-04-11 00:36   29560   ----a-w-   c:\windows\system32\drivers\OAnet.sys
      2010-03-13 10:38 . 2010-04-11 00:36   226680   ----a-w-   c:\windows\system32\drivers\OADriver.sys
      2010-03-10 13:47 . 2010-03-10 13:47   0   ----a-w-   c:\windows\nsreg.dat
      2010-03-09 01:21 . 2010-03-08 23:45   92991   ----a-w-   c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2010-03-08 23:42 . 2010-03-08 23:42   21640   ----a-w-   c:\windows\system32\emptyregdb.dat
      2010-02-25 06:24 . 2004-08-10 12:00   916480   ----a-w-   c:\windows\system32\wininet.dll
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
      "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-18 729178]
      "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
      "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
      "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-10-13 278528]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-09 98304]
      "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 409600]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
      "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
      "LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
      "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2010-03-13 6658552]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2010-03-13 925688]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 20:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)
      "DisableNotifications"= 1 (0x1)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [3/8/2010 8:40 PM 114768]
      R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [4/10/2010 7:36 PM 226680]
      R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [4/10/2010 7:36 PM 24440]
      R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [4/10/2010 7:36 PM 29560]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/8/2010 8:40 PM 20560]
      R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [4/10/2010 7:36 PM 1284600]
      R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/8/2010 7:10 PM 231424]
      S2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [4/10/2010 7:36 PM 3360760]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = google.com
      uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\i576uv4j.default\
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

      ---- FIREFOX POLICIES ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
      c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-05-13 09:10
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      HKLM\Software\Microsoft\Windows\CurrentVersion\Run
        Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????-??|H????????? ???B?????????????hLC? ??????

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-583907252-602162358-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
      @Denied: (2) (Administrator)
      "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,30,6b,c0,74,0b,db,4d,87,20,b9,\
      "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
         d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bc,30,6b,c0,74,0b,db,4d,87,20,b9,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(472)
      c:\program files\SUPERAntiSpyware\SASWINLO.dll
      c:\windows\system32\WININET.dll
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'explorer.exe'(2984)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      .
      Completion time: 2010-05-13  09:12:03
      ComboFix-quarantined-files.txt  2010-05-13 14:12

      Pre-Run: 68,984,107,008 bytes free
      Post-Run: 68,955,639,808 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

      - - End Of File - - 96D9511B2D0755CAFD8AD53EA9BBCE68



      Dr Jay

      Re: Virus help before I strangle teenager :)
      « Reply #3 on: May 13, 2010, 11:30:48 AM »
      Quote
      2010-05-13 13:55 . 2010-05-13 13:55   --------   d-----w-   c:\windows\LastGood
      I see. Did you use the Last Known Good Configuration option today?

      ===========

      We need to do some diagnostics.

      1. Please download Profiles by noahdfear.
      • Save it to your desktop.
      • Double-click profiles.exe and post its log when you reply
      2. Download Win32kDiag by ad13 and save it to your Desktop.
      • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
      • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
      • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.
      3. In your next reply, please post the following logs for my review:
      • Profiles log (1)
      • Win32kDiag log (2)
      Thanks! :)
      ~Dr Jay

      mtwheezer


        Re: Virus help before I strangle teenager :)
        « Reply #4 on: May 14, 2010, 07:48:01 AM »
        Quote
        I see. Did you use the Last Known Good Configuration option today?

        Hi,
        All I did was turn the machine back on in the morning and do the next step you asked. Nothing more. :)

        Here are the next logs you asked for.


        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
            DefaultUserProfile  REG_SZ  Default User
            AllUsersProfile  REG_SZ  All Users

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
            ProfileImagePath  REG_EXPAND_SZ  %systemroot%\system32\config\systemprofile

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
            ProfileImagePath  REG_EXPAND_SZ  %SystemDrive%\Documents and Settings\LocalService

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
            ProfileImagePath  REG_EXPAND_SZ  %SystemDrive%\Documents and Settings\NetworkService

        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-583907252-602162358-839522115-500
            ProfileImagePath  REG_EXPAND_SZ  %SystemDrive%\Documents and Settings\Administrator

            SystemRoot  REG_SZ  C:\WINDOWS

        *********************************************************************************
        Running from: C:\Documents and Settings\Administrator\My Documents\Downloads\Win32kDiag.exe

        Log file at : C:\Documents and Settings\Administrator\Desktop\Win32kDiag.txt

        WARNING: Could not get backup privileges!

        Searching 'C:\WINDOWS'...





        Finished!

        Thanks!
        Mary

        Dr Jay

        Re: Virus help before I strangle teenager :)
        « Reply #5 on: May 14, 2010, 10:27:10 PM »
        Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
        ~Dr Jay

        mtwheezer

          Re: Virus help before I strangle teenager :)
          « Reply #6 on: May 15, 2010, 06:03:29 PM »
          Here you go. Avast found a virus while I was waiting for this scan to complete. I sent it to the chest.
          Thanks again for helping me out.
          Mary


          Malwarebytes' Anti-Malware 1.46
          www.malwarebytes.org

          Database version: 4104

          Windows 5.1.2600 Service Pack 3
          Internet Explorer 8.0.6001.18702

          5/15/2010 7:06:23 PM
          mbam-log-2010-05-15 (19-06-23).txt

          Scan type: Quick scan
          Objects scanned: 113620
          Time elapsed: 8 minute(s), 52 second(s)

          Memory Processes Infected: 0
          Memory Modules Infected: 0
          Registry Keys Infected: 0
          Registry Values Infected: 0
          Registry Data Items Infected: 0
          Folders Infected: 0
          Files Infected: 0

          Memory Processes Infected:
          (No malicious items detected)

          Memory Modules Infected:
          (No malicious items detected)

          Registry Keys Infected:
          (No malicious items detected)

          Registry Values Infected:
          (No malicious items detected)

          Registry Data Items Infected:
          (No malicious items detected)

          Folders Infected:
          (No malicious items detected)

          Files Infected:
          (No malicious items detected)

          Dr Jay

          Re: Virus help before I strangle teenager :)
          « Reply #7 on: May 16, 2010, 10:01:09 PM »
          Please download SpiderKill by DragonMaster Jay and save it to your Desktop.
          • Right-click on SpiderKill.zip and click Extract All. Follow the prompts and read carefully, to save it to your Desktop.
          • Double-click on the SpiderKill folder, and then double-click on SpiderKill.bat and follow all the prompts in the program.
          • Within a minute, it will save its log titled SpiderKill.txt. Please post that in your next reply. You may have to use two or three posts to be able to fit the information in.
          ~Dr Jay

          mtwheezer

            Re: Virus help before I strangle teenager :)
            « Reply #8 on: May 17, 2010, 10:40:54 AM »
            SpiderKill by DragonMaster Jay
             

            Microsoft Windows XP [Version 5.1.2600]
             
            ********************Drivers list********************
             
             
             Volume in drive C has no label.
             Volume Serial Number is 700B-9862

             Directory of C:\Windows\System32\Drivers

                         304 File(s)     31,748,063 bytes

             

            mtwheezer

              Re: Virus help before I strangle teenager :)
              « Reply #9 on: May 17, 2010, 10:41:59 AM »
              part 2:

              Directory of C:\Windows\System32\Drivers\disdn

              03/08/2010  05:28 AM    <DIR>          .
              03/08/2010  05:28 AM    <DIR>          ..
                             0 File(s)              0 bytes

               Directory of C:\Windows\System32\Drivers\etc

              04/10/2010  07:37 PM    <DIR>          .
              04/10/2010  07:37 PM    <DIR>          ..
              08/10/2004  07:00 AM               734 hosts
              04/10/2010  07:37 PM                44 hosts.idx
              08/10/2004  07:00 AM             3,683 lmhosts.sam
              08/10/2004  07:00 AM               407 networks
              08/10/2004  07:00 AM               799 protocol
              08/10/2004  07:00 AM             7,116 services
                             6 File(s)         12,783 bytes

                   Total Files Listed:
                           310 File(s)     31,760,846 bytes
                             8 Dir(s)  68,874,387,456 bytes free
               
               
              ***********************Hidden Drivers********************
               Volume in drive C has no label.
               Volume Serial Number is 700B-9862

               Directory of C:\Windows\System32\Drivers

              03/08/2010  07:18 PM             1,615 103C_HP_NTBK_Pavilion dv8000 (EP410UA#ABA)_YN_0Pavi_QCND601069V_EU_46_I309B_SHP_V 49.25_BF.22_T051107_WXP2_L409_M767_J80_ 7AMD_8Turion 64 Technology ML-32_91.79_#100308_N10EC8139_(EP410UA#ABA)_XMOBILE_CN10_Z10024378.MRK
                             1 File(s)          1,615 bytes
                             0 Dir(s)  68,874,399,744 bytes free
               
               
              *********************Processes*******************
               
               
                PROCESS            PID  PRIO     PATH
              smss.exe             384 Normal   C:\WINDOWS\System32\smss.exe
              csrss.exe            436 Normal   C:\WINDOWS\system32\csrss.exe
              winlogon.exe         464 High     C:\WINDOWS\system32\winlogon.exe
              services.exe         508 Normal   C:\WINDOWS\system32\services.exe
              lsass.exe            520 Normal   C:\WINDOWS\system32\lsass.exe
              Ati2evxx.exe         676 Normal   C:\WINDOWS\system32\Ati2evxx.exe
              svchost.exe          692 Normal   C:\WINDOWS\system32\svchost.exe
              svchost.exe          756 Normal   C:\WINDOWS\system32\svchost.exe
              svchost.exe          800 Normal   C:\WINDOWS\System32\svchost.exe
              svchost.exe          864 Normal   C:\WINDOWS\system32\svchost.exe
              svchost.exe         1012 Normal   C:\WINDOWS\system32\svchost.exe
              Ati2evxx.exe        1104 Normal   C:\WINDOWS\system32\Ati2evxx.exe
              Explorer.EXE        1164 Normal   C:\WINDOWS\Explorer.EXE
              OAcat.exe           1336 Normal   C:\Program Files\Tall Emu\Online Armor\OAcat.exe
              oasrv.exe           1392 High     C:\Program Files\Tall Emu\Online Armor\oasrv.exe
              aswUpdSv.exe        1568 Normal   C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
              ashServ.exe         1616 High     C:\Program Files\Alwil Software\Avast4\ashServ.exe
              spoolsv.exe          196 Normal   C:\WINDOWS\system32\spoolsv.exe
              svchost.exe         1324 Normal   C:\WINDOWS\system32\svchost.exe
              ehRecvr.exe         1664 Above Normal C:\WINDOWS\eHome\ehRecvr.exe
              ehSched.exe         1724 Normal   C:\WINDOWS\eHome\ehSched.exe
              jqs.exe             1872 Idle     C:\Program Files\Java\jre6\bin\jqs.exe
              LSSrvc.exe           292 Normal   C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              svchost.exe         1512 Normal   C:\WINDOWS\system32\svchost.exe
              mcrdsvc.exe         2056 Normal   C:\WINDOWS\ehome\mcrdsvc.exe
              ashMaiSv.exe        2400 Normal   C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
              wmiprvse.exe        2548 Normal   C:\WINDOWS\system32\wbem\wmiprvse.exe
              ashWebSv.exe        2660 Normal   C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
              dllhost.exe         2768 Normal   C:\WINDOWS\system32\dllhost.exe
              alg.exe             3052 Normal   C:\WINDOWS\System32\alg.exe
              ehtray.exe          3256 Normal   C:\WINDOWS\ehome\ehtray.exe
              SynTPEnh.exe        3300 Normal   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              atiptaxx.exe        3336 Normal   C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
              HPWuSchd2.exe       3448 Normal   C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
              iTunesHelper.exe     3504 Normal   C:\Program Files\iTunes\iTunesHelper.exe
              qttask.exe          3608 Normal   C:\Program Files\QuickTime\qttask.exe
              EabServr.exe        3688 Normal   C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
              jusched.exe         3756 Normal   C:\Program Files\Common Files\Java\Java Update\jusched.exe
              ehmsas.exe          3764 Normal   C:\WINDOWS\eHome\ehmsas.exe
              svchost.exe         3868 Normal   C:\WINDOWS\System32\svchost.exe
              HP Wireless Assistant.exe     3924 Normal   C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
              lsburnwatcher.exe     3968 Normal   C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
              ashDisp.exe         4052 Normal   C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
              oaui.exe             900 Normal   C:\Program Files\Tall Emu\Online Armor\oaui.exe
              iPodService.exe     1800 Normal   C:\Program Files\iPod\bin\iPodService.exe
              hpqwmi.exe          3080 Normal   C:\Program Files\HPQ\shared\hpqwmi.exe
              OAhlp.exe           3228 Normal   C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
              firefox.exe         3476 Normal   C:\Program Files\Mozilla Firefox\firefox.exe
              cmd.exe             3644 Normal   C:\WINDOWS\system32\cmd.exe
              processes.exe       2224 Normal   C:\Documents and Settings\Administrator\Desktop\spiderkill\processes.exe
               
               
              *********************Modules of explorer.exe and svchost.exe*******************
                Module information for  'Explorer.EXE'(1164)
                MODULE          BASE     SIZE     PATH
              IMAGEHLP.dll    76c90000   163840 C:\WINDOWS\system32\IMAGEHLP.dll          5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
              WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
              SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
              UxTheme.dll     5ad70000   229376 C:\WINDOWS\system32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
              ShimEng.dll     5cb70000   155648 C:\WINDOWS\system32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
              AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
              WINMM.dll       76b40000   184320 C:\WINDOWS\system32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
              MSACM32.dll     77be0000    86016 C:\WINDOWS\system32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
              USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
              IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
              comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
              comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
              msctfime.ime    755c0000   188416 C:\WINDOWS\system32\msctfime.ime          5.1.2600.5512 (xpsp.080413-2105) Microsoft Text Frame Work Service IME
              appHelp.dll     77b40000   139264 C:\WINDOWS\system32\appHelp.dll           5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
              CLBCATQ.DLL     76fd0000   520192 C:\WINDOWS\system32\CLBCATQ.DLL           2001.12.4414.700     2001.12.4414.700
              COMRes.dll      77050000   806912 C:\WINDOWS\system32\COMRes.dll            2001.12.4414.700     2001.12.4414.700
              cscui.dll       77a20000   344064 C:\WINDOWS\System32\cscui.dll             5.1.2600.5512 (xpsp.080413-2105) Client Side Caching UI
              CSCDLL.dll      76600000   118784 C:\WINDOWS\System32\CSCDLL.dll            5.1.2600.5512 (xpsp.080413-2111) Offline Network Agent
              themeui.dll     5ba60000   462848 C:\WINDOWS\system32\themeui.dll           6.00.2900.5512 (xpsp.080413-2105) Windows Theme API
              MSIMG32.dll     76380000    20480 C:\WINDOWS\system32\MSIMG32.dll           5.1.2600.5512 (xpsp.080413-2105) GDIEXT Client DLL
              xpsp2res.dll     13f0000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
              OAwatch.dll      1890000   966656 C:\Program Files\Tall Emu\Online Armor\OAwatch.dll  4.0.0.35             Online Armor Component
              wsock32.dll     71ad0000    36864 C:\WINDOWS\system32\wsock32.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 32-Bit DLL
              WS2_32.dll      71ab0000    94208 C:\WINDOWS\system32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
              WS2HELP.dll     71aa0000    32768 C:\WINDOWS\system32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
              IPHLPAPI.DLL    76d60000   102400 C:\WINDOWS\system32\IPHLPAPI.DLL          5.1.2600.5512 (xpsp.080413-0852) IP Helper API
              wtsapi32.dll    76f50000    32768 C:\WINDOWS\system32\wtsapi32.dll          5.1.2600.5512 (xpsp.080413-2111) Windows Terminal Server SDK APIs
              WINSTA.dll      76360000    65536 C:\WINDOWS\system32\WINSTA.dll            5.1.2600.5512 (xpsp.080413-2111) Winstation Library
              actxprxy.dll    71d40000   110592 C:\WINDOWS\system32\actxprxy.dll          6.00.2900.5512 (xpsp.080413-2113) ActiveX Interface Marshaling Library
              msutb.dll       5fc10000   208896 C:\WINDOWS\system32\msutb.dll             5.1.2600.5512 (xpsp.080413-2105) MSUTB Server DLL
              MSCTF.dll       74720000   311296 C:\WINDOWS\system32\MSCTF.dll             5.1.2600.5512 (xpsp.080413-2105) MSCTF Server DLL
              SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
              ntshrui.dll     76990000   151552 C:\WINDOWS\system32\ntshrui.dll           5.1.2600.5512 (xpsp.080413-2105) Shell extensions for sharing
              ATL.DLL         76b20000    69632 C:\WINDOWS\system32\ATL.DLL               3.05.2284            ATL Module for Windows XP (Unicode)
              SETUPAPI.dll    77920000   995328 C:\WINDOWS\system32\SETUPAPI.dll          5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
              msi.dll         7d1e0000  2867200 C:\WINDOWS\system32\msi.dll               3.1.4001.5512        Windows Installer
              ieframe.dll     3e1c0000 11087872 C:\WINDOWS\system32\ieframe.dll           8.00.6001.18904 (longhorn_ie8_gdr.100222-1700) Internet Explorer
              NETSHELL.dll    76400000  1724416 C:\WINDOWS\system32\NETSHELL.dll          5.1.2600.5512 (xpsp.080413-0852) Network Connections Shell
              credui.dll      76c00000   188416 C:\WINDOWS\system32\credui.dll            5.1.2600.5512 (xpsp.080413-2113) Credential Manager User Interface
              dot3api.dll     478c0000    40960 C:\WINDOWS\system32\dot3api.dll           5.1.2600.5512 (xpsp.080413-0852) 802.3 Autoconfiguration API
              rtutils.dll     76e80000    57344 C:\WINDOWS\system32\rtutils.dll           5.1.2600.5512 (xpsp.080413-0852) Routing Utilities
              dot3dlg.dll     736d0000    24576 C:\WINDOWS\system32\dot3dlg.dll           5.1.2600.5512 (xpsp.080413-0852) 802.3 UI Helper
              OneX.DLL        5dca0000   163840 C:\WINDOWS\system32\OneX.DLL              5.1.2600.5512 (xpsp.080413-0852) IEEE 802.1X supplicant library
              eappcfg.dll     745b0000   139264 C:\WINDOWS\system32\eappcfg.dll           5.1.2600.5512 (xpsp.080413-0852) Eap Peer Config
              MSVCP60.dll     76080000   413696 C:\WINDOWS\system32\MSVCP60.dll           6.02.3104.0          Microsoft (R) C++ Runtime Library
              eappprxy.dll    5dcd0000    57344 C:\WINDOWS\system32\eappprxy.dll          5.1.2600.5512 (xpsp.080413-0852) Microsoft EAPHost Peer Client DLL
              webcheck.dll     2400000   249856 C:\WINDOWS\system32\webcheck.dll          8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) Web Site Monitor
              MLANG.dll       75cf0000   593920 C:\WINDOWS\system32\MLANG.dll             6.00.2900.5512 (xpsp.080413-2105) Multi Language Support DLL
              stobject.dll    76280000   135168 C:\WINDOWS\system32\stobject.dll          5.1.2600.5512 (xpsp.080413-2105) Systray shell service object
              BatMeter.dll    74af0000    40960 C:\WINDOWS\system32\BatMeter.dll          6.00.2900.5512 (xpsp.080413-2105) Battery Meter Helper DLL
              POWRPROF.dll    74ad0000    32768 C:\WINDOWS\system32\POWRPROF.dll          6.00.2900.5512 (xpsp.080413-2105) Power Profile Helper DLL
              wdmaud.drv      72d20000    36864 C:\WINDOWS\system32\wdmaud.drv            5.1.2600.5512 (xpsp.080413-2108) WDM Audio driver mapper
              msacm32.drv     72d10000    32768 C:\WINDOWS\system32\msacm32.drv           5.1.2600.0 (xpclient.010817-1148) Microsoft Sound Mapper
              midimap.dll     77bd0000    28672 C:\WINDOWS\system32\midimap.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft MIDI Mapper
              WZCSAPI.DLL     73030000    65536 C:\WINDOWS\system32\WZCSAPI.DLL           5.1.2600.5512 (xpsp.080413-0852) Wireless Zero Configuration service API
              MPR.dll         71b20000    73728 C:\WINDOWS\system32\MPR.dll               5.1.2600.5512 (xpsp.080413-0852) Multiple Provider Router DLL
              drprov.dll      75f60000    28672 C:\WINDOWS\System32\drprov.dll            5.1.2600.5512 (xpsp.080413-2111) Microsoft Terminal Server Network Provider
              ntlanman.dll    71c10000    57344 C:\WINDOWS\System32\ntlanman.dll          5.1.2600.5512 (xpsp.080413-2108) Microsoft® Lan Manager
              NETUI0.dll      71cd0000    94208 C:\WINDOWS\System32\NETUI0.dll            5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - GUI Classes
              NETUI1.dll      71c90000   262144 C:\WINDOWS\System32\NETUI1.dll            5.1.2600.5512 (xpsp.080413-2108) NT LM UI Common Code - Networking classes
              NETRAP.dll      71c80000    28672 C:\WINDOWS\System32\NETRAP.dll            5.1.2600.5512 (xpsp.080413-2113) Net Remote Admin Protocol DLL
              davclnt.dll     75f70000    40960 C:\WINDOWS\System32\davclnt.dll           5.1.2600.5512 (xpsp.080413-2111) Web DAV Client DLL
              LINKINFO.dll    76980000    32768 C:\WINDOWS\system32\LINKINFO.dll          5.1.2600.5512 (xpsp.080413-2105) Windows Volume Tracking
              rsaenh.dll      68000000   221184 C:\WINDOWS\system32\rsaenh.dll            5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
              SXS.DLL         7e720000   720896 C:\WINDOWS\system32\SXS.DLL               5.1.2600.5512 (xpsp.080413-2111) Fusion 2.5
              browselc.dll    71600000    73728 C:\WINDOWS\system32\browselc.dll          6.00.2900.5512 (xpsp.080413-2105) Shell Browser UI Library
              AcroIEHelper.dll 10000000    49152 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll  6.0.1.2003110300     Adobe Acrobat IE Helper Version 6.0 for ActivieX
              msxml3.dll      74980000  1191936 C:\WINDOWS\system32\msxml3.dll            8.100.1051.0         MSXML 3.0 SP10
              RASAPI32.dll    76ee0000   245760 C:\WINDOWS\system32\RASAPI32.dll          5.1.2600.5512 (xpsp.080413-0852) Remote Access API
              rasman.dll      76e90000    73728 C:\WINDOWS\system32\rasman.dll            5.1.2600.5512 (xpsp.080413-0852) Remote Access Connection Manager
              TAPI32.dll      76eb0000   192512 C:\WINDOWS\system32\TAPI32.dll            5.1.2600.5512 (xpsp.080413-0852) Microsoft® Windows(TM) Telephony API Client DLL
              jscript.dll     3d7a0000   737280 C:\WINDOWS\system32\jscript.dll           5.8.6001.22960       Microsoft (R) JScript
              msv1_0.dll      77c70000   151552 C:\WINDOWS\system32\msv1_0.dll            5.1.2600.5876 (xpsp_sp3_gdr.090909-1234) Microsoft Authentication Package v1.0
              cryptdll.dll    76790000    49152 C:\WINDOWS\system32\cryptdll.dll          5.1.2600.5512 (xpsp.080413-2113) Cryptography Manager
              sensapi.dll     722b0000    20480 C:\WINDOWS\system32\sensapi.dll           5.1.2600.5512 (xpsp.080413-2108) SENS Connectivity API DLL
              mswsock.dll     71a50000   258048 C:\WINDOWS\System32\mswsock.dll           5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
              DUSER.dll       6c1b0000   315392 C:\WINDOWS\system32\DUSER.dll             5.1.2600.5512 (xpsp.080413-2105) Windows DirectUser Engine
              rasadhlp.dll    76fc0000    24576 C:\WINDOWS\system32\rasadhlp.dll          5.1.2600.5512 (xpsp.080413-0852) Remote Access AutoDial Helper
              DNSAPI.dll      76f20000   159744 C:\WINDOWS\system32\DNSAPI.dll            5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) DNS Client API DLL
              hnetcfg.dll     662b0000   360448 C:\WINDOWS\system32\hnetcfg.dll           5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
              wshtcpip.dll    71a90000    32768 C:\WINDOWS\System32\wshtcpip.dll          5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
              MSGINA.dll      75970000  1015808 C:\WINDOWS\system32\MSGINA.dll            5.1.2600.5512 (xpsp.080413-2113) Windows NT Logon GINA DLL
              ODBC32.dll      74320000   249856 C:\WINDOWS\system32\ODBC32.dll            3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Driver Manager
              comdlg32.dll    763b0000   299008 C:\WINDOWS\system32\comdlg32.dll          6.00.2900.5512 (xpsp.080413-2105) Common Dialogs DLL
              odbcint.dll      34d0000    94208 C:\WINDOWS\system32\odbcint.dll           3.525.1132.0 (xpsp.080413-0852) Microsoft Data Access - ODBC Resources
              CPQINFO.DLL      34f0000   282624 C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL  5, 20, 4, 2          Quick Launch Buttons
              dfshim.dll      60510000   102400 C:\WINDOWS\system32\dfshim.dll            2.0.50727.3053 (netfxsp.050727-3000) Application Deployment Support Library
              mscoree.dll     79000000   286720 C:\WINDOWS\system32\mscoree.dll           2.0.50727.3053 (netfxsp.050727-3000) Microsoft .NET Runtime Execution Engine
              MSVCR80.dll      35b0000   634880 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll  8.00.50727.3053      Microsoft® C Runtime Library
              mscorwks.dll    79e70000  5832704 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll  2.0.50727.3603 (GDR.050727-3600) Microsoft .NET Runtime Common Language Runtime - WorkStation
              Shfusion.dll    641f0000   122880 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Shfusion.dll  2.0.50727.3053 (netfxsp.050727-3000) Microsoft COM Runtime Fusion Assembly Viewer
              Fusion.dll      60610000    24576 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Fusion.dll  2.0.50727.3053 (netfxsp.050727-3000) Assembly manager
              culture.dll     60340000    32768 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll  2.0.50727.3053 (netfxsp.050727-3000) Microsoft Globalization Support
              ShFusRes.dll    64220000    98304 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll  2.0.50727.3053 (netfxsp.050727-3000) Microsoft COM Runtime Fusion Assembly Viewer Resources
              mstask.dll      75830000   282624 C:\WINDOWS\system32\mstask.dll            5.1.2600.5512 (xpsp.080413-2108) Task Scheduler interface DLL
              NTDSAPI.dll     767a0000    77824 C:\WINDOWS\system32\NTDSAPI.dll           5.1.2600.5512 (xpsp.080413-2113) NT5DS
              oaevent.dll       c10000   958464 C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll  4.0.0.35             Online Armor Component
              SASSEH.DLL        d70000    81920 C:\Program Files\SUPERAntiSpyware\SASSEH.DLL  1, 0, 0, 1012        ShellExecuteHook
              zipfldr.dll     73380000   356352 C:\WINDOWS\system32\zipfldr.dll           6.00.2900.5512 (xpsp.080413-2105) Compressed (zipped) Folders
              NTMARTA.DLL     77690000   135168 C:\WINDOWS\system32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
              SASCTXMN.DLL      de0000    61440 C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL  1, 0, 0, 1004        SUPERAntiSpyware Context Menu Extension
              mbamext.dll      1110000    98304 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll  1.45                 Malwarebytes' Anti-Malware
              ashShell.dll    64f00000    73728 C:\Program Files\Alwil Software\Avast4\ashShell.dll  4, 8, 1367, 0        avast! Shell Extension
              mydocs.dll      72410000   106496 C:\WINDOWS\system32\mydocs.dll            6.00.2900.5512 (xpsp.080413-2105) My Documents Folder UI
              shdoclc.dll     71800000   557056 C:\WINDOWS\system32\shdoclc.dll           6.00.2900.5512 (xpsp.080413-2105) Shell Doc Object and Control Library
              wuapi.dll       506a0000   581632 C:\WINDOWS\system32\wuapi.dll             7.4.7600.226 (winmain_wtr_wsus3sp2(wmbla).090806-1834) Windows Update Client API
              Cabinet.dll     75150000    77824 C:\WINDOWS\system32\Cabinet.dll           5.1.2600.5512 (xpsp.080413-2105) Microsoft® Cabinet File API
               

              mtwheezer

                Topic Starter


                Rookie

                Re: Virus help before I strangle teenager :)
                « Reply #10 on: May 17, 2010, 10:48:24 AM »
                part 3:

                Module information for  'svchost.exe'(692)
                  MODULE          BASE     SIZE     PATH
                svchost.exe      1000000    24576 C:\WINDOWS\system32\svchost.exe           5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
                ntdll.dll       7c900000   729088 C:\WINDOWS\system32\ntdll.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
                kernel32.dll    7c800000  1007616 C:\WINDOWS\system32\kernel32.dll          5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
                ADVAPI32.dll    77dd0000   634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
                RPCRT4.dll      77e70000   598016 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
                Secur32.dll     77fe0000    69632 C:\WINDOWS\system32\Secur32.dll           5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
                ShimEng.dll     5cb70000   155648 C:\WINDOWS\system32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
                AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
                USER32.dll      7e410000   593920 C:\WINDOWS\system32\USER32.dll            5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
                GDI32.dll       77f10000   299008 C:\WINDOWS\system32\GDI32.dll             5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
                WINMM.dll       76b40000   184320 C:\WINDOWS\system32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
                ole32.dll       774e0000  1298432 C:\WINDOWS\system32\ole32.dll             5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
                msvcrt.dll      77c10000   360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
                OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.5512        5.1.2600.5512
                MSACM32.dll     77be0000    86016 C:\WINDOWS\system32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
                VERSION.dll     77c00000    32768 C:\WINDOWS\system32\VERSION.dll           5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
                SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
                SHLWAPI.dll     77f60000   483328 C:\WINDOWS\system32\SHLWAPI.dll           6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
                USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
                UxTheme.dll     5ad70000   229376 C:\WINDOWS\system32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
                IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
                comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                NTMARTA.DLL     77690000   135168 C:\WINDOWS\system32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
                SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
                WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
                rpcss.dll       76a80000   409600 c:\windows\system32\rpcss.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Distributed COM Services
                WS2_32.dll      71ab0000    94208 c:\windows\system32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
                WS2HELP.dll     71aa0000    32768 c:\windows\system32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
                xpsp2res.dll      670000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
                CLBCATQ.DLL     76fd0000   520192 C:\WINDOWS\system32\CLBCATQ.DLL           2001.12.4414.700     2001.12.4414.700
                COMRes.dll      77050000   806912 C:\WINDOWS\system32\COMRes.dll            2001.12.4414.700     2001.12.4414.700
                termsrv.dll     760f0000   339968 c:\windows\system32\termsrv.dll           5.1.2600.5512 (xpsp.080413-2111) Terminal Server Service
                ICAAPI.dll      74f70000    24576 c:\windows\system32\ICAAPI.dll            5.1.2600.5512 (xpsp.080413-2111) DLL Interface to TermDD Device Driver
                SETUPAPI.dll    77920000   995328 c:\windows\system32\SETUPAPI.dll          5.1.2600.5512 (xpsp.080413-2111) Windows Setup API
                WINTRUST.dll    76c30000   188416 c:\windows\system32\WINTRUST.dll          5.131.2600.5922 (xpsp_sp3_gdr.091223-1907) Microsoft Trust Verification APIs
                CRYPT32.dll     77a80000   610304 c:\windows\system32\CRYPT32.dll           5.131.2600.5512 (xpsp.080413-2113) Crypto API32
                MSASN1.dll      77b20000    73728 c:\windows\system32\MSASN1.dll            5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
                IMAGEHLP.dll    76c90000   163840 C:\WINDOWS\system32\IMAGEHLP.dll          5.1.2600.5512 (xpsp.080413-2105) Windows NT Image Helper
                AUTHZ.dll       776c0000    73728 c:\windows\system32\AUTHZ.dll             5.1.2600.5512 (xpsp.080413-2113) Authorization Framework
                mstlsapi.dll    75110000   126976 c:\windows\system32\mstlsapi.dll          5.1.2600.5512 (xpsp.080413-2111) Microsoft® Terminal Server Licensing
                ACTIVEDS.dll    77cc0000   204800 c:\windows\system32\ACTIVEDS.dll          5.1.2600.5512 (xpsp.080413-2113) ADs Router Layer DLL
                adsldpc.dll     76e10000   151552 c:\windows\system32\adsldpc.dll           5.1.2600.5512 (xpsp.080413-2113) ADs LDAP Provider C DLL
                NETAPI32.dll    5b860000   348160 c:\windows\system32\NETAPI32.dll          5.1.2600.5694 (xpsp_sp3_gdr.081015-1312) Net Win32 API DLL
                ATL.DLL         76b20000    69632 c:\windows\system32\ATL.DLL               3.05.2284            ATL Module for Windows XP (Unicode)
                REGAPI.dll      76bc0000    61440 C:\WINDOWS\system32\REGAPI.dll            5.1.2600.5512 (xpsp.080413-2111) Registry Configuration APIs
                rsaenh.dll      68000000   221184 C:\WINDOWS\system32\rsaenh.dll            5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
                Apphelp.dll     77b40000   139264 C:\WINDOWS\system32\Apphelp.dll           5.1.2600.5512 (xpsp.080413-2105) Application Compatibility Client Library
                msi.dll         7d1e0000  2867200 C:\WINDOWS\system32\msi.dll               3.1.4001.5512        Windows Installer
                  Module information for  'svchost.exe'(756)
                  MODULE          BASE     SIZE     PATH
                svchost.exe      1000000    24576 C:\WINDOWS\system32\svchost.exe           5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
                ntdll.dll       7c900000   729088 C:\WINDOWS\system32\ntdll.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
                kernel32.dll    7c800000  1007616 C:\WINDOWS\system32\kernel32.dll          5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
                ADVAPI32.dll    77dd0000   634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
                RPCRT4.dll      77e70000   598016 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
                Secur32.dll     77fe0000    69632 C:\WINDOWS\system32\Secur32.dll           5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
                ShimEng.dll     5cb70000   155648 C:\WINDOWS\system32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
                AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
                USER32.dll      7e410000   593920 C:\WINDOWS\system32\USER32.dll            5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
                GDI32.dll       77f10000   299008 C:\WINDOWS\system32\GDI32.dll             5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
                WINMM.dll       76b40000   184320 C:\WINDOWS\system32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
                ole32.dll       774e0000  1298432 C:\WINDOWS\system32\ole32.dll             5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
                msvcrt.dll      77c10000   360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
                OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.5512        5.1.2600.5512
                MSACM32.dll     77be0000    86016 C:\WINDOWS\system32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
                VERSION.dll     77c00000    32768 C:\WINDOWS\system32\VERSION.dll           5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
                SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
                SHLWAPI.dll     77f60000   483328 C:\WINDOWS\system32\SHLWAPI.dll           6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
                USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
                UxTheme.dll     5ad70000   229376 C:\WINDOWS\system32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
                IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
                comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                  Module information for  'svchost.exe'(800)
                 

                mtwheezer

                  Topic Starter


                  Rookie

                  Re: Virus help before I strangle teenager :)
                  « Reply #11 on: May 17, 2010, 10:50:28 AM »
                  part 4:

                  Module information for  'svchost.exe'(864)
                    Module information for  'svchost.exe'(1012)
                  comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                  comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                  NTMARTA.DLL     77690000   135168 C:\WINDOWS\system32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
                  SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
                  WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
                  xpsp2res.dll      630000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
                  lmhsvc.dll      74c40000    24576 c:\windows\system32\lmhsvc.dll            5.1.2600.5512 (xpsp.080413-0852) TCPIP NetBios Transport Services DLL
                  iphlpapi.dll    76d60000   102400 c:\windows\system32\iphlpapi.dll          5.1.2600.5512 (xpsp.080413-0852) IP Helper API
                  WS2_32.dll      71ab0000    94208 c:\windows\system32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
                  WS2HELP.dll     71aa0000    32768 c:\windows\system32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
                  regsvc.dll      76af0000    73728 c:\windows\system32\regsvc.dll            5.1.2600.5512 (xpsp.080413-2111) Remote Registry Service
                    Module information for  'svchost.exe'(1324)
                    MODULE          BASE     SIZE     PATH
                  svchost.exe      1000000    24576 C:\WINDOWS\system32\svchost.exe           5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
                  ntdll.dll       7c900000   729088 C:\WINDOWS\system32\ntdll.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
                  kernel32.dll    7c800000  1007616 C:\WINDOWS\system32\kernel32.dll          5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
                  ADVAPI32.dll    77dd0000   634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
                  RPCRT4.dll      77e70000   598016 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
                  Secur32.dll     77fe0000    69632 C:\WINDOWS\system32\Secur32.dll           5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
                  ShimEng.dll     5cb70000   155648 C:\WINDOWS\system32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
                  AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
                  USER32.dll      7e410000   593920 C:\WINDOWS\system32\USER32.dll            5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
                  GDI32.dll       77f10000   299008 C:\WINDOWS\system32\GDI32.dll             5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
                  WINMM.dll       76b40000   184320 C:\WINDOWS\system32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
                  ole32.dll       774e0000  1298432 C:\WINDOWS\system32\ole32.dll             5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
                  msvcrt.dll      77c10000   360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
                  OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.5512        5.1.2600.5512
                  MSACM32.dll     77be0000    86016 C:\WINDOWS\system32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
                  VERSION.dll     77c00000    32768 C:\WINDOWS\system32\VERSION.dll           5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
                  SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
                  SHLWAPI.dll     77f60000   483328 C:\WINDOWS\system32\SHLWAPI.dll           6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
                  USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
                  UxTheme.dll     5ad70000   229376 C:\WINDOWS\system32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
                  IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
                  comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                  comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                  NTMARTA.DLL     77690000   135168 C:\WINDOWS\system32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
                  SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
                  WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
                  xpsp2res.dll      630000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
                  webclnt.dll     5a6e0000    86016 c:\windows\system32\webclnt.dll           5.1.2600.5512 (xpsp.080413-2111) Web DAV Service DLL
                  WININET.dll     3d930000   942080 C:\WINDOWS\system32\WININET.dll           8.00.6001.18904 (longhorn_ie8_gdr.100222-1700) Internet Extensions for Win32
                  Normaliz.dll      940000    36864 C:\WINDOWS\system32\Normaliz.dll          6.0.5441.0 (winmain(wmbla).060628-1735) Unicode Normalization DLL
                  urlmon.dll      78130000  1257472 C:\WINDOWS\system32\urlmon.dll            8.00.6001.18904 (longhorn_ie8_gdr.100222-1700) OLE32 Extensions for Win32
                  iertutil.dll    3dfd0000  1998848 C:\WINDOWS\system32\iertutil.dll          8.00.6001.18904 (longhorn_ie8_gdr.100222-1700) Run time utility for Internet Explorer
                  WS2_32.dll      71ab0000    94208 c:\windows\system32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
                  WS2HELP.dll     71aa0000    32768 c:\windows\system32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
                    Module information for  'svchost.exe'(1512)
                    MODULE          BASE     SIZE     PATH
                  svchost.exe      1000000    24576 C:\WINDOWS\system32\svchost.exe           5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
                  ntdll.dll       7c900000   729088 C:\WINDOWS\system32\ntdll.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
                  kernel32.dll    7c800000  1007616 C:\WINDOWS\system32\kernel32.dll          5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
                  ADVAPI32.dll    77dd0000   634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
                  RPCRT4.dll      77e70000   598016 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
                  Secur32.dll     77fe0000    69632 C:\WINDOWS\system32\Secur32.dll           5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
                  ShimEng.dll     5cb70000   155648 C:\WINDOWS\system32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
                  AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
                  USER32.dll      7e410000   593920 C:\WINDOWS\system32\USER32.dll            5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
                  GDI32.dll       77f10000   299008 C:\WINDOWS\system32\GDI32.dll             5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
                  WINMM.dll       76b40000   184320 C:\WINDOWS\system32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
                  ole32.dll       774e0000  1298432 C:\WINDOWS\system32\ole32.dll             5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
                  msvcrt.dll      77c10000   360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
                  OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.5512        5.1.2600.5512
                  MSACM32.dll     77be0000    86016 C:\WINDOWS\system32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
                  VERSION.dll     77c00000    32768 C:\WINDOWS\system32\VERSION.dll           5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
                  SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
                  SHLWAPI.dll     77f60000   483328 C:\WINDOWS\system32\SHLWAPI.dll           6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
                  USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
                  UxTheme.dll     5ad70000   229376 C:\WINDOWS\system32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
                  IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
                  comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                  comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                  NTMARTA.DLL     77690000   135168 C:\WINDOWS\system32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
                  SAMLIB.dll      71bf0000    77824 C:\WINDOWS\system32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
                  WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
                  xpsp2res.dll      630000  2904064 C:\WINDOWS\system32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
                  ssdpsrv.dll     765e0000    81920 c:\windows\system32\ssdpsrv.dll           5.1.2600.5512 (xpsp.080413-0852) SSDP Service DLL
                  WS2_32.dll      71ab0000    94208 c:\windows\system32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
                  WS2HELP.dll     71aa0000    32768 c:\windows\system32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
                  hnetcfg.dll     662b0000   360448 C:\WINDOWS\system32\hnetcfg.dll           5.1.2600.5512 (xpsp.080413-0852) Home Networking Configuration Manager
                  iphlpapi.dll    76d60000   102400 C:\WINDOWS\system32\iphlpapi.dll          5.1.2600.5512 (xpsp.080413-0852) IP Helper API
                  CLBCATQ.DLL     76fd0000   520192 C:\WINDOWS\system32\CLBCATQ.DLL           2001.12.4414.700     2001.12.4414.700
                  COMRes.dll      77050000   806912 C:\WINDOWS\system32\COMRes.dll            2001.12.4414.700     2001.12.4414.700
                  mswsock.dll     71a50000   258048 C:\WINDOWS\system32\mswsock.dll           5.1.2600.5625 (xpsp_sp3_gdr.080620-1249) Microsoft Windows Sockets 2.0 Service Provider
                  wshtcpip.dll    71a90000    32768 C:\WINDOWS\System32\wshtcpip.dll          5.1.2600.5512 (xpsp.080413-0852) Windows Sockets Helper DLL
                  rsaenh.dll      68000000   221184 C:\WINDOWS\system32\rsaenh.dll            5.1.2600.5507 (xpsp.080318-1711) Microsoft Enhanced Cryptographic Provider
                  httpapi.dll     67570000    40960 C:\WINDOWS\system32\httpapi.dll           5.1.2600.5891 (xpsp_sp3_gdr.091020-1758) HTTP Protocol Stack API
                  WINHTTP.dll     4d4f0000   364544 C:\WINDOWS\system32\WINHTTP.dll           5.1.2600.5868 (xpsp_sp3_gdr.090824-1328) Windows HTTP Services
                    Module information for  'svchost.exe'(3868)
                    MODULE          BASE     SIZE     PATH
                  svchost.exe      1000000    24576 C:\WINDOWS\System32\svchost.exe           5.1.2600.5512 (xpsp.080413-2111) Generic Host Process for Win32 Services
                  ntdll.dll       7c900000   729088 C:\WINDOWS\system32\ntdll.dll             5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) NT Layer DLL
                  kernel32.dll    7c800000  1007616 C:\WINDOWS\system32\kernel32.dll          5.1.2600.5781 (xpsp_sp3_gdr.090321-1317) Windows NT BASE API Client DLL
                  ADVAPI32.dll    77dd0000   634880 C:\WINDOWS\system32\ADVAPI32.dll          5.1.2600.5755 (xpsp_sp3_gdr.090206-1234) Advanced Windows 32 Base API
                  RPCRT4.dll      77e70000   598016 C:\WINDOWS\system32\RPCRT4.dll            5.1.2600.5795 (xpsp_sp3_gdr.090415-1241) Remote Procedure Call Runtime
                  Secur32.dll     77fe0000    69632 C:\WINDOWS\system32\Secur32.dll           5.1.2600.5834 (xpsp_sp3_gdr.090624-1305) Security Support Provider Interface
                  ShimEng.dll     5cb70000   155648 C:\WINDOWS\System32\ShimEng.dll           5.1.2600.5512 (xpsp.080413-2105) Shim Engine DLL
                  AcGenral.DLL    6f880000  1875968 C:\WINDOWS\AppPatch\AcGenral.DLL          5.1.2600.5512 (xpsp.080413-2105) Windows Compatibility DLL
                  USER32.dll      7e410000   593920 C:\WINDOWS\system32\USER32.dll            5.1.2600.5512 (xpsp.080413-2105) Windows XP USER API Client DLL
                  GDI32.dll       77f10000   299008 C:\WINDOWS\system32\GDI32.dll             5.1.2600.5698 (xpsp_sp3_gdr.081022-1932) GDI Client DLL
                  WINMM.dll       76b40000   184320 C:\WINDOWS\System32\WINMM.dll             5.1.2600.5512 (xpsp.080413-0845) MCI API DLL
                  ole32.dll       774e0000  1298432 C:\WINDOWS\system32\ole32.dll             5.1.2600.5512 (xpsp.080413-2108) Microsoft OLE for Windows
                  msvcrt.dll      77c10000   360448 C:\WINDOWS\system32\msvcrt.dll            7.0.2600.5512 (xpsp.080413-2111) Windows NT CRT DLL
                  OLEAUT32.dll    77120000   569344 C:\WINDOWS\system32\OLEAUT32.dll          5.1.2600.5512        5.1.2600.5512
                  MSACM32.dll     77be0000    86016 C:\WINDOWS\System32\MSACM32.dll           5.1.2600.5512 (xpsp.080413-0845) Microsoft ACM Audio Filter
                  VERSION.dll     77c00000    32768 C:\WINDOWS\system32\VERSION.dll           5.1.2600.5512 (xpsp.080413-2105) Version Checking and File Installation Libraries
                  SHELL32.dll     7c9c0000  8482816 C:\WINDOWS\system32\SHELL32.dll           6.00.2900.5622 (xpsp_sp3_gdr.080617-1319) Windows Shell Common Dll
                  SHLWAPI.dll     77f60000   483328 C:\WINDOWS\system32\SHLWAPI.dll           6.00.2900.5912 (xpsp_sp3_gdr.091207-1454) Shell Light-weight Utility Library
                  USERENV.dll     769c0000   737280 C:\WINDOWS\system32\USERENV.dll           5.1.2600.5512 (xpsp.080413-2113) Userenv
                  UxTheme.dll     5ad70000   229376 C:\WINDOWS\System32\UxTheme.dll           6.00.2900.5512 (xpsp.080413-2105) Microsoft UxTheme Library
                  IMM32.DLL       76390000   118784 C:\WINDOWS\system32\IMM32.DLL             5.1.2600.5512 (xpsp.080413-2105) Windows XP IMM32 API Client DLL
                  comctl32.dll    773d0000  1060864 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll  6.0 (xpsp.080413-2105) User Experience Controls Library
                  comctl32.dll    5d090000   630784 C:\WINDOWS\system32\comctl32.dll          5.82 (xpsp.080413-2105) Common Controls Library
                  NTMARTA.DLL     77690000   135168 C:\WINDOWS\System32\NTMARTA.DLL           5.1.2600.5512 (xpsp.080413-2113) Windows NT MARTA provider
                  SAMLIB.dll      71bf0000    77824 C:\WINDOWS\System32\SAMLIB.dll            5.1.2600.5512 (xpsp.080413-2113) SAM Library DLL
                  WLDAP32.dll     76f60000   180224 C:\WINDOWS\system32\WLDAP32.dll           5.1.2600.5512 (xpsp.080413-2113) Win32 LDAP API DLL
                  xpsp2res.dll      630000  2904064 C:\WINDOWS\System32\xpsp2res.dll          5.1.2600.5512 (xpsp.080413-2113) Service Pack 2 Messages
                  w3ssl.dll       5aa90000    28672 c:\windows\system32\w3ssl.dll             6.0.2600.5512 (xpsp.080413-0852) SSL service for HTTP
                  strmfilt.dll    6f290000    90112 C:\WINDOWS\System32\strmfilt.dll          6.0.2600.5891 (xpsp_sp3_gdr.091020-1758) Stream Filter Library
                  CRYPT32.dll     77a80000   610304 C:\WINDOWS\System32\CRYPT32.dll           5.131.2600.5512 (xpsp.080413-2113) Crypto API32
                  MSASN1.dll      77b20000    73728 C:\WINDOWS\System32\MSASN1.dll            5.1.2600.5875 (xpsp_sp3_gdr.090904-1413) ASN.1 Runtime APIs
                  HTTPAPI.dll     67570000    40960 C:\WINDOWS\System32\HTTPAPI.dll           5.1.2600.5891 (xpsp_sp3_gdr.091020-1758) HTTP Protocol Stack API
                  WS2_32.dll      71ab0000    94208 C:\WINDOWS\System32\WS2_32.dll            5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 32-Bit DLL
                  WS2HELP.dll     71aa0000    32768 C:\WINDOWS\System32\WS2HELP.dll           5.1.2600.5512 (xpsp.080413-0852) Windows Socket 2.0 Helper for Windows NT
                   
                   
                   
                  ******************************************
                  EOF

                  Dr Jay

                  • Malware Removal Specialist


                  • Specialist
                  • Moderator emeritus
                  • Thanked: 119
                  • Experience: Guru
                  • OS: Windows 10
                  Re: Virus help before I strangle teenager :)
                  « Reply #12 on: May 18, 2010, 01:55:40 PM »
                  Please run a free online scan with the ESET Online Scanner
                  • Tick the box next to YES, I accept the Terms of Use
                  • Click Start
                  • When asked, allow the ActiveX control to install
                  • Click Start
                  • Make sure that the options Remove found threats and Scan unwanted applications are checked
                  • Click Scan (This scan can take several hours, so please be patient)
                  • Once the scan is completed, you may close the window
                  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
                  • Copy and paste that log as a reply to this topic
                  ~Dr Jay

                  mtwheezer


                    Re: Virus help before I strangle teenager :)
                    « Reply #13 on: May 19, 2010, 08:51:49 AM »
                    ESETSmartInstaller@High as downloader log:
                    all ok
                    # version=7
                    # OnlineScannerApp.exe=1.0.0.1
                    # OnlineScanner.ocx=1.0.0.6211
                    # api_version=3.0.2
                    # EOSSerial=8ec9ed106d3f4341a4153bbc451a6b48
                    # end=finished
                    # remove_checked=true
                    # archives_checked=false
                    # unwanted_checked=true
                    # unsafe_checked=false
                    # antistealth_checked=true
                    # utc_time=2010-05-19 02:56:03
                    # local_time=2010-05-19 09:56:03 (-0600, Central Daylight Time)
                    # country="United States"
                    # lang=1033
                    # osver=5.1.2600 NT Service Pack 3
                    # compatibility_mode=512 16777215 100 0 498424 498424 0 0
                    # compatibility_mode=769 16775141 100 98 0 209637831 0 0
                    # compatibility_mode=6401 16777214 66 100 0 4881661 0 0
                    # compatibility_mode=8192 67108863 100 0 0 0 0 0
                    # scanned=28402
                    # found=0
                    # cleaned=0
                    # scan_time=2686
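
An added example, not part of the original post and not ESET's own code: a small Python parser for the `# key=value` lines of the log above, reporting a verdict together with the scan options that were switched off. Reading `*_checked=false` as "that category was not scanned" is an assumption taken from the field names; the function names and verdict labels are hypothetical.

```python
from collections import defaultdict

# Constructed sample: lines copied from the ESET Online Scanner log posted above.
SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-19 02:56:03
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 498424 498424 0 0
# compatibility_mode=769 16775141 100 98 0 209637831 0 0
# scanned=28402
# found=0
# cleaned=0
# scan_time=2686
"""


def parse_eset_log(text):
    """Return {key: [values]}. Keys such as compatibility_mode repeat,
    so every key maps to a list in order of appearance."""
    fields = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("#") or "=" not in line:
            continue  # free-text lines such as "all ok" carry no key
        key, _, value = line[1:].partition("=")
        fields[key.strip()].append(value.strip().strip('"'))
    return dict(fields)


def _as_int(fields, key):
    """First value of key as an int, or None if absent or not numeric."""
    values = fields.get(key)
    if not values:
        return None
    try:
        return int(values[0])
    except ValueError:
        return None


def summarize(fields):
    """Turn parsed fields into a verdict plus the scan-scope gaps.

    Verdict labels (hypothetical):
      incomplete        - no 'end=finished' marker or counters missing
      threats-remaining - more items found than cleaned
      threats-cleaned   - items found and all of them cleaned
      no-detections     - nothing found within the scanned scope
    """
    scanned = _as_int(fields, "scanned")
    found = _as_int(fields, "found")
    cleaned = _as_int(fields, "cleaned") or 0
    finished = fields.get("end", [""])[0] == "finished"

    # Assumption: a *_checked=false option means that category was skipped,
    # so a "found=0" result says nothing about it.
    scope_gaps = [
        key for key, values in fields.items()
        if key.endswith("_checked") and values[0].lower() == "false"
    ]

    if not finished or scanned is None or found is None:
        verdict = "incomplete"
    elif found > cleaned:
        verdict = "threats-remaining"
    elif found > 0:
        verdict = "threats-cleaned"
    else:
        verdict = "no-detections"

    return {
        "verdict": verdict,
        "scanned": scanned,
        "found": found,
        "cleaned": cleaned,
        "scope_gaps": scope_gaps,
    }


if __name__ == "__main__":
    report = summarize(parse_eset_log(SAMPLE_LOG))
    print(report["verdict"], "- options switched off:", report["scope_gaps"])
```
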

                    Dr Jay

                    Re: Virus help before I strangle teenager :)
                    « Reply #14 on: May 19, 2010, 05:50:15 PM »
                    How is your computer running?

                    Ready for cleanup?
                    ~Dr Jay

                    mtwheezer


                      Re: Virus help before I strangle teenager :)
                      « Reply #15 on: May 20, 2010, 06:40:39 PM »
                      Seems to be okay  :)
                      Online Armor is asking at start up if I want to allow MRT.exe (Microsoft recovery tool).
                      Am I to allow it?

                      and yep, ready for cleanup. I really appreciate all the help.

                      Dr Jay

                      Re: Virus help before I strangle teenager :)
                      « Reply #16 on: May 20, 2010, 09:17:44 PM »
                      Go ahead and allow. It is required for Windows to finish its update process.

                      Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
                      • Select Start > All Programs > Accessories > System tools > System Restore.
                      • On the dialogue box that appears select Create a Restore Point
                      • Click NEXT
                      • Enter a name e.g. Clean
                      • Click CREATE
                      You now have a clean restore point. To get rid of the bad ones:
                      • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
                      • In the Drop down box that appears select your main drive e.g. C
                      • Click OK
                      • The system will do some calculation and then display a dialogue box with tabs
                      • Select the More Options Tab.
                      • At the bottom will be a System Restore box with a CLEANUP button; click this
                      • Accept the Warning and select OK again, the program will close and you are done
                      To remove all of the tools we used and the files and folders they created, please do the following:
                      Please download OTC.exe by OldTimer:
                      • Save it to your Desktop.
                      • Double click OTC.exe.
                      • Click the CleanUp! button.
                      • If you are prompted to Reboot during the cleanup, select Yes.
                      • The tool will delete itself once it finishes.
                      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

                      ==

                      Please download TFC by OldTimer to your desktop
                      • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
                      • It will close all programs when run, so make sure you have saved all your work before you begin.
                      • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
                      • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
                      ==

                      Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
                      • Save it to your Desktop.
                      • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
                      • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
                      ~Dr Jay

                      mtwheezer


                        Re: Virus help before I strangle teenager :)
                        « Reply #17 on: May 20, 2010, 09:51:04 PM »
                         Results of screen317's Security Check version 0.99.4 
                         Windows XP Service Pack 3 
                         Internet Explorer 8 
                        ``````````````````````````````
                        Antivirus/Firewall Check:

                         Windows Firewall Disabled! 
                         avast! Antivirus     
                         Online Armor 4.0   
                         Antivirus up to date! 
                        ```````````````````````````````
                        Anti-malware/Other Utilities Check:

                         Malwarebytes' Anti-Malware   
                         CCleaner     
                         Java(TM) 6 Update 20 
                         Adobe Flash Player 10.0.45.2 
                        Adobe Reader 6.0.1
                        Out of date Adobe Reader installed!
                         Mozilla Firefox (3.6.3)
                        ````````````````````````````````
                        Process Check: 
                        objlist.exe by Laurent

                         Tall Emu Online Armor OAcat.exe
                         Tall Emu Online Armor oasrv.exe
                         Tall Emu Online Armor oaui.exe
                         Tall Emu Online Armor OAhlp.exe
                         Alwil Software Avast4 aswUpdSv.exe
                         Alwil Software Avast4 ashServ.exe
                         Alwil Software Avast4 ashDisp.exe
                         Alwil Software Avast4 ashMaiSv.exe
                         Alwil Software Avast4 ashWebSv.exe
                        ````````````````````````````````
                        DNS Vulnerability Check:

                         GREAT! (Not vulnerable to DNS cache poisoning)

                        ``````````End of Log````````````



                        (and I've updated the Adobe reader) :)

                        Dr Jay

                        Re: Virus help before I strangle teenager :)
                        « Reply #18 on: May 20, 2010, 10:16:30 PM »
                        Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

                        Software recommendations

                        AntiSpyware
                        • SpywareBlaster
                          SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
                        • Spybot - Search & Destroy.
                          Spybot - Search & Destroy is a spyware and adware removal program. It also has real-time protection, TeaTimer, to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
                        NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

                        Resident Protection help
                        A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

                        Rogue programs help
                        There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
                        http://www.spywarewarrior.com/rogue_anti-spyware.htm

                        Securing your computer
                        • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
                        • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

                        Please consider using an alternate browser
                        Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

                        If you are interested:
                        See this page for more info about malware and prevention.
                        ~Dr Jay
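
Added example, not part of the original post or of any tool named in it: a small audit of a HOSTS file, illustrating the blocking mechanism described above, where unwanted names are mapped to 127.0.0.1. It separates names that are blocked from entries that point somewhere other than the local machine, which are worth reviewing after a cleanup. The sample file contents and all hostnames are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com   # blocklist entry
0.0.0.0         tracker.example.net
203.0.113.7     www.example-bank.com
192.0.2.10      update.example.org av.example.org
not-an-ip       broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each mapping line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:                   # address with no hostname
            continue
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Sort mappings into blocked (sinkholed) names and entries to review."""
    blocked, review = [], []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            review.append((line_no, addr, names, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            # Name resolves to this machine, so the real site is unreachable.
            blocked.extend(n for n in names if n.lower() != "localhost")
        else:
            # Name is sent to some other host: legitimate override or hijack.
            review.append((line_no, addr, names, "redirects off-host"))
    return blocked, review

if __name__ == "__main__":
    blocked, review = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed names:", blocked)
    for line_no, addr, names, why in review:
        print(f"line {line_no}: {addr} -> {', '.join(names)} ({why})")
```

On Windows XP the file to pass in is normally `C:\WINDOWS\system32\drivers\etc\hosts`; read it and hand the text to `audit_hosts`.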