
PC Antispyware 2010 Infected


8 replies to this topic

#1 deansterdean

deansterdean

  • Members
  • 5 posts

Posted 08 September 2009 - 04:04 PM

Hello ...
This is my first post. I did a Google search and found this site. I found this readme file from the site: http://www.bleepingcomputer.com/virus-remo...ntispyware-2010

I did everything except Malwarebytes will begin to work but then disappears and I cannot run it. Uninstalling and reinstalling produced the same effect. I have tried Ad-aware and the same things happen.

I have tried renaming the files to try to trick the virus but still cannot get them to run. I have also tried: http://free.antivirus.com/clean-up-tools and they do not run.

Any help or anything else I can try? I would rather not reinstall the OS.

Control - Alt - Delete doesn't work ... says disabled by administrator :thumbsup:

Thanks in advance.

Edited by deansterdean, 08 September 2009 - 04:13 PM.




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 08 September 2009 - 11:09 PM

We need to check for rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 deansterdean

deansterdean
  • Topic Starter

  • Members
  • 5 posts

Posted 09 September 2009 - 04:45 AM

Address: 0xB864E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: win32k.sys:1
Image Path: C:\WINDOWS\win32k.sys:1
Address: 0xB83C8000 Size: 20480 File Visible: No Signed: -
Status: -

Name: win32k.sys:2
Image Path: C:\WINDOWS\win32k.sys:2
Address: 0xB3BBF000 Size: 61440 File Visible: No Signed: -
Status: -

Stealth Objects
-------------------
Object: Hidden Module [Name: vsfocennfdebwn.dll]
Process: svchost.exe (PID: 1688) Address: 0x10000000 Size: 49152

Hidden Services
-------------------
Service Name: vsfocemmaoxixk
Image Path: C:\WINDOWS\system32\drivers\vsfocetnuplvqc.sys

Shadow SSDT
-------------------
#: 383 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb8479440

#: 414 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb84793b0

#: 416 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb84793f0

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys" at address 0xb8479330

==EOF==


When I did this when checking the c: box .... it just closes and goes away (disappears) .. I redownloaded the program and had to rename it.

Thanks for all your help :thumbsup:

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts

Posted 09 September 2009 - 03:41 PM

Download and Run Scan with SREng2

Please download SREng2 from here and save it to your desktop.
  • Please Extract it to Desktop. To do this, right-click on the Sreng2.zip file and select Extract All.... Follow the prompts to extract it. (Click here for information on how to do this if not sure. Win 2000 users click here. )
  • Open the Sreng2 folder and then Double-click on SREngLdr.exe to run it. (If you are using Vista, please right-click and select run as administrator)
  • Select Smart Scan on the left side.
  • Make sure ALL the scan options there are checked and that Verify Digital Signatures of process modules is checked at the bottom as well.
  • Please close all open programs and applications except Sreng.
  • Now click on the Scan button.
  • Please be patient until the scan is complete. Once the scan is complete, please click on the Save Reports button.
  • Save the log file on your desktop and please post back with the contents of that log file in your next reply.


#5 deansterdean

deansterdean
  • Topic Starter

  • Members
  • 5 posts

Posted 09 September 2009 - 06:04 PM

2009-09-09,19:01:24



System Repair Engineer 2.8.1.1279

Smallfrogs (http://www.KZTechs.com)



Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed



Follow item(s) have been selected:

	All Boot Items (Including Registry, Startup Folders, Services and so on)

	Browser Add-ons

	Running Processes (Including process model information)

	File Associations

	Winsock Provider

	Autorun.Inf

	HOSTS File

	Process Privileges Scan

	Scheduled Tasks

	Windows Security Update Check

	API HOOK

	Hidden Process





Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Aim6><"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp>  [(Verified)AOL LLC]

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<load><>  [N/A]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

	<RTHDCPL><RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]

	<nwiz><C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install>  [(Verified)NVIDIA Corporation]

	<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [NVIDIA Corporation]

	<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]

	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]

	<Microsoft Works Update Detection><C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe>  [Microsoft® Corporation]

	<GrooveMonitor><"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe">  [(Verified)Microsoft Corporation]

	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]

	<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]

	<vmware-tray><C:\Program Files\VMware\VMware Workstation\vmware-tray.exe>  [(Verified)"VMware, Inc."]

	<VMware hqtray><"C:\Program Files\VMware\VMware Workstation\hqtray.exe">  [(Verified)"VMware, Inc."]

	<ReminderApp><C:\Program Files\Nova Development\Scrapbook Factory Deluxe 4.0\ReminderApp.exe>  [(Verified)Nova Development]

	<Microsoft Default Manager><"C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume>  [(Verified)Microsoft Corporation]

	<HotSync><"C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers>  [File is missing]

	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]

	<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [File is missing]

	<AVG8_TRAY><C:\PROGRA~1\AVG\AVG8\avgtray.exe>  [(Verified)AVG Technologies]

	<AVGIDS><"C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe">  [(Verified)AVG Technologies]

	<Corel Photo Downloader><"C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup>  [(Verified)Corel Corporation]

	<Malwarebytes' Anti-Malware><"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray>  [(Verified)Malwarebytes Corporation]

	<braviax><braviax.exe>  []

	<autochk><rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16>  [Microsoft]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]

	<Userinit><C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,>  [File is missing]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

	<AppInit_DLLs><cru629.dat>  []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

	<{B5A7F190-DDA6-4420-B3BA-52453494E6CD}><C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll>  [(Verified)Microsoft Corporation]

	<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll>  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]

	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]

	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]

	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]

	<WinlogonNotify: avgrsstarter><avgrsstx.dll>  [(Verified)AVG Technologies]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]

	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]

	<{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}><C:\WINDOWS\system32\tajf83ikdmf.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

	<Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]

	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]

	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]

	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]

	<Microsoft Web Publishing Wizard 1.52><rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\wpie4x86.inf,PerUserStub>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]

	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]

	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]

	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]

	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]

	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]

[HKEY_CURRENT_USER\Control Panel\Desktop]

	<SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Component Publisher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

	<Corel File Shell Monitor><; C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe>  [(Verified)Corel Corporation]



==================================

Startup Folders

[HotSync Manager]

  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk --> C:\PROGRA~1\Palm\Hotsync.exe [PalmSource, Inc]><N>

[Microsoft Works Calendar Reminders]

  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk --> C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\WkCalRem.exe [Microsoft® Corporation]><N>

[Windows Search]

  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk --> C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [Microsoft Corporation]><N>

[LimeWire On Startup]

  <C:\Documents and Settings\Dean\Start Menu\Programs\Startup\LimeWire On Startup.lnk --> C:\PROGRA~1\LimeWire\LimeWire.exe [Lime Wire, LLC]><N>



==================================

Services

[Adobe Active File Monitor V7 / AdobeActiveFileMonitor7.0][Stopped/Auto Start]

  <C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe><Adobe Systems Incorporated>

[AntipyProex / AntipPro2009_100][Stopped/Auto Start]

  <C:\WINDOWS\svchasts.exe><(File is missing)>

[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]

  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>

[AVG8 WatchDog / avg8wd][Running/Auto Start]

  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><AVG Technologies CZ, s.r.o.>

[AVG8 Firewall / avgfws8][Running/Auto Start]

  <C:\PROGRA~1\AVG\AVG8\avgfws8.exe><AVG Technologies CZ, s.r.o.>

[AVGIDSAgent / AVGIDSAgent][Running/Auto Start]

  <"C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe" AVGIDSAgent><AVG>

[AVGIDSWatcher / AVGIDSWatcher][Running/Auto Start]

  <C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe><AVG>

[Bonjour Service / Bonjour Service][Running/Auto Start]

  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>

[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]

  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>

[ForceWare Intelligent Application Manager (IAM) / ForceWare Intelligent Application Manager (IAM)][Running/Auto Start]

  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe><>

[hpqcxs08 / hpqcxs08][Stopped/Manual Start]

  <C:\WINDOWS\system32\svchost.exe -k hpdevmgmt-->C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll><Hewlett-Packard Co.>

[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]

  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>

[iPod Service / iPod Service][Stopped/Manual Start]

  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>

[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]

  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>

[Lavasoft Ad-Aware Service / Lavasoft Ad-Aware Service][Stopped/Auto Start]

  <"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"><(File is missing)>

[MBAMService / MBAMService][Running/Auto Start]

  <"C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"><Malwarebytes Corporation>

[Nero BackItUp Scheduler 4.0 / Nero BackItUp Scheduler 4.0][Running/Auto Start]

  <C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe><Nero AG>

[ForceWare IP service / nSvcIp][Running/Auto Start]

  <C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe><>

[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]

  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

[ProtexisLicensing / ProtexisLicensing][Running/Auto Start]

  <C:\WINDOWS\system32\PSIService.exe><>

[VMware Agent Service / ufad-ws60][Stopped/Manual Start]

  <"C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files\VMware\VMware Workstation\\" -s ufad-p2v.xml><VMware, Inc.>

[Viewpoint Manager Service / Viewpoint Manager Service][Running/Auto Start]

  <"C:\Program Files\Viewpoint\Common\ViewpointService.exe"><Viewpoint Corporation>

[VMware Authorization Service / VMAuthdService][Running/Auto Start]

  <"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe"><VMware, Inc.>

[VMware DHCP Service / VMnetDHCP][Running/Auto Start]

  <C:\WINDOWS\system32\vmnetdhcp.exe><VMware, Inc.>

[VMware Virtual Mount Manager Extended / vmount2][Running/Auto Start]

  <"C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe"><VMware, Inc.>

[VMware NAT Service / VMware NAT Service][Running/Auto Start]

  <C:\WINDOWS\system32\vmnat.exe><VMware, Inc.>



==================================

Drivers

[AMD HwPState Processor Driver / AmdPPM][Running/System Start]

  <system32\DRIVERS\AmdPPM.sys><Advanced Micro Devices>

[AnyDVD / AnyDVD][Running/Manual Start]

  <System32\Drivers\AnyDVD.sys><SlySoft, Inc.>

[Avgfwdx / Avgfwdx][Running/Manual Start]

  <system32\DRIVERS\avgfwdx.sys><AVG Technologies CZ, s.r.o.>

[AVG network filter service / Avgfwfd][Stopped/Manual Start]

  <system32\DRIVERS\avgfwdx.sys><AVG Technologies CZ, s.r.o.>

[AVGIDSDriver / AVGIDSDriver][Running/Manual Start]

  <\??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys><AVG Technologies>

[AVGIDSErHr / AVGIDSErHr][Running/Boot Start]

  <\SystemRoot\System32\Drivers\AVGIDSErHr.sys><AVG Technologies>

[AVGIDSFilter / AVGIDSFilter][Running/Manual Start]

  <\??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys><AVG Technologies>

[AVGIDSShim / AVGIDSShim][Running/Manual Start]

  <\??\C:\Program Files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys><AVG Technologies>

[AVG AVI Loader Driver x86 / AvgLdx86][Running/System Start]

  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>

[AVG On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]

  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>

[avgrkx86.sys / AvgRkx86][Running/Boot Start]

  <\SystemRoot\System32\Drivers\avgrkx86.sys><AVG Technologies CZ, s.r.o.>

[AVG8 Network Redirector / AvgTdiX][Running/System Start]

  <\SystemRoot\System32\Drivers\avgtdix.sys><AVG Technologies CZ, s.r.o.>

[calculator2 / calculator2][Stopped/]

  <2 - The system cannot find the file specified.

><N/A>

[cpuz132 / cpuz132][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys><Windows (R) Codename Longhorn DDK provider>

[ElbyCDIO Driver / ElbyCDIO][Running/System Start]

  <System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>

[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]

  <system32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>

[VMware hcmon / hcmon][Running/Auto Start]

  <\??\C:\WINDOWS\system32\Drivers\hcmon.sys><VMware, Inc.>

[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]

  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>

[IEEE-1284.4 Driver HPZid412 / HPZid412][Running/Manual Start]

  <system32\DRIVERS\HPZid412.sys><HP>

[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Running/Manual Start]

  <system32\DRIVERS\HPZipr12.sys><HP>

[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Running/Manual Start]

  <system32\DRIVERS\HPZius12.sys><HP>

[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]

  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>

[MBAMProtector / MBAMProtector][Running/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\mbam.sys><Malwarebytes Corporation>

[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]

  <system32\DRIVERS\ASACPI.sys><>

[nv / nv][Running/Manual Start]

  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>

[NVIDIA nForce 10/100/1000 Mbps Ethernet  / NVENETFD][Running/Manual Start]

  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>

[Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]

  <system32\drivers\nvhda32.sys><NVIDIA Corporation>

[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]

  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>

[nvsmu / nvsmu][Running/Manual Start]

  <system32\DRIVERS\nvsmu.sys><NVIDIA Corporation>

[PalmUSBD / PalmUSBD][Stopped/Manual Start]

  <system32\drivers\PalmUSBD.sys><PalmSource, Inc.>

[Padus ASPI Shell / pfc][Running/Manual Start]

  <system32\drivers\pfc.sys><Padus, Inc.>

[Direct Parallel Link Driver / Ptilink][Running/Manual Start]

  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>

[PxHelp20 / PxHelp20][Running/Boot Start]

  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>

[rootrepeal / rootrepeal][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\rootrepeal.sys><N/A>

[rootrepeal[1] / rootrepeal[1]][Stopped/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\rootrepeal[1].sys><N/A>

[Secdrv / Secdrv][Stopped/Manual Start]

  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]

  <System32\Drivers\usbaapl.sys><Apple, Inc.>

[VMware kbd / vmkbd][Running/Manual Start]

  <\??\C:\WINDOWS\system32\drivers\VMkbd.sys><VMware, Inc.>

[VMware Virtual Ethernet Adapter Driver / VMnetAdapter][Running/Manual Start]

  <system32\DRIVERS\vmnetadapter.sys><VMware, Inc.>

[VMware Bridge Protocol / VMnetBridge][Running/Auto Start]

  <system32\DRIVERS\vmnetbridge.sys><VMware, Inc.>

[VMware Network Application Interface / VMnetuserif][Running/Auto Start]

  <\??\C:\WINDOWS\system32\drivers\vmnetuserif.sys><VMware, Inc.>

[VMware VMparport / VMparport][Running/Auto Start]

  <\??\C:\WINDOWS\system32\Drivers\VMparport.sys><VMware, Inc.>

[VMware vmx86 / vmx86][Running/Auto Start]

  <\??\C:\WINDOWS\system32\Drivers\vmx86.sys><VMware, Inc.>

[Vstor2 Virtual Storage Driver / vstor2][Running/Auto Start]

  <\??\C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys><VMware, Inc.>

[Vstor2 WS60 Virtual Storage Driver / vstor2-ws60][Running/Auto Start]

  <\??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys><VMware, Inc.>

[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Boot Start]

  <\SystemRoot\C:\WINDOWS\system32\WudfPf.sys><N/A>

[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]

  <C:\WINDOWS\system32\wudfrd.sys><N/A>



==================================

Browser Add-ons

[Send to OneNote from Internet Explorer button]

  {2670000A-7350-4f3c-8081-5663EE0C6C49} <C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll, (Signed) Microsoft Corporation>

[&Research]

  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>

[]

  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>

[Messenger]

  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>

[MSN Toolbar]

  {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll, (Signed) Microsoft Corp.>

[AVG Security Toolbar]

  {CCC7A320-B3CA-4199-B1A6-9F516DD69829} <C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll, (Signed) >

[System Requirements Lab Class]

  {1E54D648-B804-468d-BC78-4AFFED8E262F} <C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll, (Signed) Husdawg, LLC>

[Java Plug-in 1.6.0_15]

  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >

[Java Plug-in 1.6.0_15]

  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_15.dll, (Signed) Sun Microsystems, Inc.>

[QuickTime Object]

  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>

[MetaStreamCtl Class]

  {03F998B2-0E00-11D3-A498-00104B6EB52E} <C:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>

[Outlook Today's Data-binding control]

  {0468C085-CA5B-11D0-AF08-00609797F0E0} <C:\PROGRA~1\MI1933~1\Office12\OUTLCTL.DLL, (Signed) >

[]

  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >

[Windows Genuine Advantage Validation Tool]

  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, (Signed) Microsoft Corporation>

[Adobe PDF Link Helper]

  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>

[InformationCardSigninHelper Class]

  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>

[System Requirements Lab Class]

  {1E54D648-B804-468D-BC78-4AFFED8E262F} <C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll, (Signed) Husdawg, LLC>

[MSN Toolbar]

  {1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414} <C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll, (Signed) Microsoft Corp.>

[Windows Media Player]

  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>

[HTML Document]

  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>

[]

  {2670000A-7350-4F3C-8081-5663EE0C6C49} <, >

[XML DOM Document]

  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[DHTML Edit Control Safe for Scripting for IE5]

  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>

[HtmlDlgSafeHelper Class]

  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>

[AVG Safe Search]

  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>

[QuickTime Object]

  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>

[XML Document]

  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[Shell Name Space]

  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[]

  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >

[WUWebControl Class]

  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>

[Windows Media Player]

  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>

[MUWebControl Class]

  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>

[Search Helper]

  {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll, (Signed) Microsoft Corporation>

[Groove GFS Browser Helper]

  {72853161-30C5-4D22-B7F9-0BBC1D38A37E} <C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll, (Signed) Microsoft Corporation>

[]

  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >

[ICQSys (IE PlugIn)]

  {76DC0B63-1533-4BA9-8BE8-D59EB676FA02} <C:\WINDOWS\system32\dddesot.dll, N/A>

[Microsoft Web Browser]

  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[XML DOM Document 6.0]

  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[Free Threaded XML DOM Document 6.0]

  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[XSL Template 6.0]

  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[XML HTTP 6.0]

  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>

[Windows Live Sign-in Helper]

  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>

[]

  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >

[AVG Security Toolbar BHO]

  {A3BC75A2-1F87-4686-AA43-5347D756017C} <C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll, (Signed) >

[C:\WINDOWS\system32\tajf83ikdmf.dll]

  {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} <C:\WINDOWS\system32\tajf83ikdmf.dll, N/A>

[Microsoft Office 12 Authorization Control]

  {C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MI1933~1\Office12\AUTHZAX.DLL, (Signed) Microsoft Corporation>

[Adobe PDF Reader]

  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>

[Microsoft Url Search Hook]

  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>

[Msxml]

  {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[Windows Live Sign-in Control]

  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>

[Shockwave Flash Object]

  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>

[MSN Toolbar Helper]

  {D2CE3E00-F94A-4740-988E-03DC2F38C34F} <C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll, (Signed) Microsoft Corp.>

[iTunesDetector Class]

  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>

[Java(tm) Plug-In 2 SSV Helper]

  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>

[QuickTimeCheck Class]

  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, (Signed) Apple Inc.>

[Microsoft Silverlight]

  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>

[]

  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>

[]

  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >

[JQSIEStartDetectorImpl Class]

  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>

[XML HTTP Request]

  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[XML HTTP 3.0]

  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[XML DOM Document]

  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[XML HTTP]

  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>

[]

  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >

[E&xport to Microsoft Excel]

  <res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000, N/A>



==================================

Running Processes

[PID: 1348][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 1372][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5587 (xpsp_sp3_qfe.080424-1259)]

	[C:\WINDOWS\system32\avgrsstx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.9.0040.0]

[PID: 1416][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]

[PID: 1428][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

[PID: 1636][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.9038]

	[C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.9038]

[PID: 1688][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

[PID: 1756][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 1124][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 1248][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 1064][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 1792][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\hpz3l5ha.dll]  [Hewlett-Packard Company, 61.071.244.00]

	[C:\WINDOWS\system32\Primomonnt.dll]  [N/A, ]

	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll]  [Hewlett-Packard Corporation, 61.071.244.00]

[PID: 752][C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe]  [AVG, 8.5.2.718]

	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\boost_thread-vc71-mt-1_32.dll]  [N/A, ]

	[C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\boost_log-vc71-mt-1_32.dll]  [N/A, ]

	[C:\Program Files\AVG\AVG8\avgapix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

[PID: 940][C:\WINDOWS\RTHDCPL.EXE]  [Realtek Semiconductor Corp., 2.2.5.2]

[PID: 1036][C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe]  [Microsoft® Corporation, 6.00.3215.0]

[PID: 1020][C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe]  [Microsoft Corporation, 12.0.6413.1000]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]

[PID: 2020][C:\WINDOWS\explorer.exe]  [(Verified) Microsoft Corporation, 6.00.2900.5634 (xpsp_sp3_qfe.080703-1303)]

	[\\?\globalroot\systemroot\system32\vsfocequqexscr.dll]  [N/A, ]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll]  [Microsoft Corporation, 7.00.6001.18260 (vistasp1_gdr_oobsvc.090524-1500)]

	[C:\Program Files\Common Files\Nero\SMC\NeroDigitalExt.dll]  [Nero AG, 6, 2, 10, 31]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]

	[C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 4.0.5.100]

	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]

	[C:\Program Files\AVG\AVG8\avgse.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 484][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

[PID: 516][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.50.39.0]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 688][C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgwd.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgsched.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 344][C:\PROGRA~1\AVG\AVG8\avgfws8.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 532][C:\PROGRA~1\AVG\AVG8\avgam.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avgameh.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avgamnot.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 656][C:\PROGRA~1\AVG\AVG8\avgrsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.411]

	[C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 808][C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe]  [AVG, 8.5.2.718]

	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]

	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\boost_thread-vc71-mt-1_32.dll]  [N/A, ]

	[C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\boost_log-vc71-mt-1_32.dll]  [N/A, ]

[PID: 1884][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 2144][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]

	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 3408][C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe]  [Malwarebytes Corporation, 1.02]

[PID: 3712][C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe]  [Nero AG, 4.0.0.114]

	[C:\Program Files\Common Files\Nero\Nero BackItUp 4\NB.dll]  [Nero AG, 4.0.0.114]

	[C:\Program Files\Common Files\Nero\Nero BackItUp 4\LBFC.dll]  [Nero AG, 4.0.0.114]

	[C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBBurn.dll]  [Nero AG, 4.0.0.114]

	[C:\Program Files\Common Files\Nero\Nero BackItUp 4\NeroAPIGlueLayerUnicode.dll]  [Nero AG, 9.0.0.100]

[PID: 3728][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[c:\windows\system32\hpzinw12.dll]  [Hewlett-Packard, 12,1,1,52]

[PID: 3756][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[c:\windows\system32\hpzipm12.dll]  [Hewlett-Packard, 12,1,1,52]

[PID: 3832][C:\WINDOWS\system32\PSIService.exe]  [, 2.0.0.1]

	[C:\WINDOWS\system32\PSIKey.dll]  [Protexis Inc., 2.0.0.1]

[PID: 2184][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe]  [Microsoft Corporation, 1.3.59.0]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 2268][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]

	[C:\WINDOWS\system32\hpowiax5.dll]  [Hewlett-Packard, 9.0.0.135]

[PID: 2332][C:\Program Files\Viewpoint\Common\ViewpointService.exe]  [Viewpoint Corporation, 2, 0, 0, 54]

[PID: 2372][C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe]  [VMware, Inc., 1.5.2 build-42958]

	[C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmxScsiLib.dll]  [VMware, Inc., 1.5.2 build-42958]

	[C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\SSLEAY32.dll]  [N/A, ]

	[C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\LIBEAY32.dll]  [N/A, ]

[PID: 2472][C:\WINDOWS\system32\vmnat.exe]  [VMware, Inc., 6.0.2 build-59824]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 2540][C:\WINDOWS\system32\SearchIndexer.exe]  [Microsoft Corporation, 7.0.6001.16503 (longhorn(wmbla).080526-2159)]

[PID: 2920][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe]  [, 1, 0, 1, 0]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll]  [N/A, ]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll]  [NVIDIA Corporation, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common_firewall.dll]  [NVIDIA, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_resource_L1033.dll]  [NVIDIA Corporation, 1, 0, 1, 0]

[PID: 3000][C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe]  [, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll]  [N/A, ]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\NMI.dll]  [NVIDIA Corporation, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll]  [NVIDIA Corporation, 2, 2, 0, 6793]

	[C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common_firewall.dll]  [NVIDIA, 2, 2, 0, 6793]

[PID: 3068][C:\Program Files\VMware\VMware Workstation\vmware-authd.exe]  [VMware, Inc., 6.0.2 build-59824]

	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

	[C:\Program Files\VMware\VMware Workstation\vmwarebase.DLL]  [VMware, Inc., 6.0.2 build-59824]

	[C:\Program Files\VMware\VMware Workstation\vmcryptolib.DLL]  [VMware, Inc., 6.0.0 build-43577]

	[C:\Program Files\VMware\VMware Workstation\libxml2.dll]  [N/A, ]

	[C:\Program Files\VMware\VMware Workstation\iconv.dll]  [Free Software Foundation, 1.9]

	[C:\Program Files\VMware\VMware Workstation\zlib1.dll]  [, 1.2.3]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 3540][C:\WINDOWS\system32\vmnetdhcp.exe]  [VMware, Inc., 6.0.2 build-59824]

	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

[PID: 4464][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

[PID: 5380][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]

	[C:\WINDOWS\TEMP\rundll32.dll]  [Microsoft, 1, 0, 0, 1]

[PID: 1264][C:\Program Files\AIM6\aim6.exe]  [AOL LLC, 1.4.9.1]

	[C:\Program Files\AIM6\xprt5.dll]  [AOL LLC, 5.2.7.5225]

	[C:\Program Files\AIM6\AOLSvcMgr.dll]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\xprt6.dll]  [AOL LLC, 6.8.3.6195]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.15.2]

	[c:\program files\aim6\services\notification\ver7_1_1_1\Notify.dll]  [AOL LLC, 7.1.1.1]

	[c:\program files\aim6\services\imApp\ver6_9_17_2\imAppService.dll]  [AOL LLC, 6.9.17.2]

	[C:\Program Files\AIM6\acccore.dll]  [AOL LLC, 1.8.1.2187]

	[C:\Program Files\AIM6\coolcore57.dll]  [AOL LLC, 5.7.1.6195]

	[C:\Program Files\AIM6\image.dll]  [AOL LLC, 1, 0, 0, 1]

	[c:\program files\aim6\services\preferences\ver6_1_1_1\preferences.dll]  [AOL LLC, 6.1.1.1]

	[c:\program files\aim6\services\localStorage\ver8_1_1_1\clsSvc.dll]  [AOL LLC, 8.1.1.1]

	[c:\program files\aim6\services\osInfo\ver2_1_1_1\OSInfo.dll]  [AOL LLC, 2.1.1.1]

	[c:\program files\aim6\services\osInfo\ver2_1_1_1\AOLIdleMon.dll]  [AOL LLC, 2.1.1.1]

	[C:\Program Files\AIM6\nss3.dll]  [Netscape Communications Corporation, 3.9.2]

	[C:\Program Files\AIM6\softokn3.dll]  [Netscape Communications Corporation, 3.9.2]

	[C:\Program Files\AIM6\plc4.dll]  [Netscape Communications Corporation, 4.4.1]

	[C:\Program Files\AIM6\nspr4.dll]  [Netscape Communications Corporation, 4.4.1]

	[C:\Program Files\AIM6\plds4.dll]  [Netscape Communications Corporation, 4.4.1]

	[C:\Program Files\AIM6\ssl3.dll]  [Netscape Communications Corporation, 3.9.2]

	[C:\Program Files\AIM6\smime3.dll]  [Netscape Communications Corporation, 3.9.2]

	[C:\Program Files\AIM6\nssckbi.dll]  [N/A, ]

	[C:\Program Files\AIM6\jgtktlk.dll]  [America Online, Inc., 070]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[c:\program files\aim6\services\imApp\ver6_9_17_2\aimBrowser.dll]  [AOL LLC, 2.0.0.0]

	[c:\program files\aim6\services\urlData\ver2_1_1_1\urlData.dll]  [AOL LLC, 2.1.1.1]

	[c:\program files\aim6\services\addressBook\ver1_12_1_1\ABsvc.dll]  [AOL LLC, 1.12.1.1]

	[C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]

[PID: 4068][C:\Program Files\AIM6\aolsoftware.exe]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\AOLSvcMgr.dll]  [AOL LLC, 16.2.3.1]

	[C:\Program Files\AIM6\xprt6.dll]  [AOL LLC, 6.8.3.6195]

	[C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll]  [AOL LLC, 3.3.15.2]

	[c:\program files\aim6\services\notification\ver7_1_1_1\Notify.dll]  [AOL LLC, 7.1.1.1]

	[c:\program files\aim6\services\localStorage\ver8_1_1_1\clsSvc.dll]  [AOL LLC, 8.1.1.1]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

[PID: 4188][C:\Program Files\MathType\MathType.exe]  [Design Science, Inc., 2009.3.10.0 ]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

[PID: 972][C:\PROGRA~1\AVG\AVG8\avgnsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\PROGRA~1\AVG\AVG8\avgxpl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\Program Files\AVG\AVG8\avglvex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]

	[C:\PROGRA~1\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.411]

	[C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]

[PID: 5976][C:\WINDOWS\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]

[PID: 5192][C:\Documents and Settings\Dean\Desktop\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]

[PID: 2360][C:\Documents and Settings\Dean\Desktop\sreng2\SREccc8dd8f.EXE]  [Smallfrogs Studio, 2.8.1.1279]

	[C:\Documents and Settings\Dean\Desktop\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

	[\\?\globalroot\Device\__max++>\05BB7DD4.x86.dll]  [N/A, ]

	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

	[C:\WINDOWS\system32\nvLsp.dll]  [NVIDIA, 2, 2, 0, 6793]



==================================

File Associations

.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]

.EXE  OK. ["%1" %*]

.COM  OK. ["%1" %*]

.PIF  OK. ["%1" %*]

.REG  OK. [regedit.exe "%1"]

.BAT  OK. ["%1" %*]

.SCR  OK. ["%1" /S]

.CHM  OK. ["C:\WINDOWS\hh.exe" %1]

.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]

.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]

.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]

.LNK  OK. [{00021401-0000-0000-C000-000000000046}]



==================================

Winsock Provider

NVIDIA App Filter over [MSAFD Tcpip [TCP/IP]]

	C:\WINDOWS\system32\nvLsp.dll(NVIDIA, NVIDIA IAM LSP)

NVIDIA App Filter over [MSAFD Tcpip [UDP/IP]]

	C:\WINDOWS\system32\nvLsp.dll(NVIDIA, NVIDIA IAM LSP)

NVIDIA App Filter over [MSAFD Tcpip [RAW/IP]]

	C:\WINDOWS\system32\nvLsp.dll(NVIDIA, NVIDIA IAM LSP)

NVIDIA App Filter

	C:\WINDOWS\system32\nvLsp.dll(NVIDIA, NVIDIA IAM LSP)



==================================

Autorun.Inf

N/A



==================================

HOSTS File

127.0.0.1	   localhost



==================================

Process Privileges Scan

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1636, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]

Special Privileges Enabled: SeDebugPrivilege [PID = 1036, C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2332, C:\PROGRAM FILES\VIEWPOINT\COMMON\VIEWPOINTSERVICE.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2920, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN32\NSVCAPPFLT.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3000, C:\PROGRAM FILES\NVIDIA CORPORATION\NETWORKACCESSMANAGER\BIN32\NSVCIP.EXE]

Special Privileges Enabled: SeLoadDriverPrivilege [PID = 5192, C:\DOCUMENTS AND SETTINGS\DEAN\DESKTOP\SRENG2\SRENGLDR.EXE]



==================================

Scheduled Tasks

[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job

		C:\WINDOWS\TEMP\a.exe 

[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job

		C:\WINDOWS\TEMP\c.exe 

[Enabled] OGALogon.job

		C:\WINDOWS\system32\OGAEXEC.exe 

[Enabled] AppleSoftwareUpdate.job

		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 

[Enabled] Ad-Aware Update (Daily).job

		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 



==================================

Windows Security Update Check

 Microsoft .NET Framework version 1.1 

KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 

KB963663,  Update for Microsoft Office Access 2007 Help (KB963663) 

KB963662,  Update for Microsoft Office InfoPath 2007 Help (KB963662) 

KB963673,  Update for the 2007 Microsoft Office System Help for Common Features (KB963673) 

KB963670,  Update for Microsoft Office OneNote 2007 Help (KB963670) 

KB963667,  Update for Microsoft Office Publisher 2007 Help (KB963667) 

KB963671,  Update for Microsoft Script Editor Help (KB963671) 

KB931125,  Update for Root Certificates [May 2009] (KB931125) 

KB963678,  Update for Microsoft Office Excel 2007 Help (KB963678) 

KB963677,  Update for Microsoft Office Outlook 2007 Help (KB963677) 

KB963669,  Update for Microsoft Office PowerPoint 2007 Help (KB963669) 

KB963665,  Update for Microsoft Office Word 2007 Help (KB963665) 

KB963665,  Office Live add-in 1.4 

KB968389,  Update for Windows XP (KB968389) 

KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB973874) 

KB956844,  Security Update for Windows XP (KB956844) MS09-046

KB890830,  Windows Malicious Software Removal Tool - September 2009 (KB890830) 

KB971961,  Security Update for Jscript 5.8 for Windows XP (KB971961) MS09-045



==================================

API HOOK

N/A



==================================

Hidden Process

N/A



==================================


#6 Budapest


Posted 09 September 2009 - 06:28 PM

I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Go straight to Step 6. Don't bother with the DDS log and just post your RootRepeal and System Repair Engineer logs.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#7 deansterdean


Posted 09 September 2009 - 06:42 PM

I tried that program at step 6 and it opens and then disappears.

I think I'm going to cut my losses and format the hard drive. Any advice on reloading Windows to make sure the virus is gone with a good format?

Thanks for all your help :thumbsup:

#8 Budapest


Posted 09 September 2009 - 06:57 PM

Here are some good instructions on doing a clean install of Windows.

http://michaelstevenstech.com/cleanxpinstall.html

Reinstalling is a good idea I think. It will be much faster than trying to remove the virus.

#9 deansterdean


Posted 09 September 2009 - 07:16 PM

Thanks again for all your help. Going to install tonight.

Great readme file too :thumbsup:

Regards



