Rootkit problem


  • This topic is locked
13 replies to this topic

#1 grahamp

Posted 16 September 2009 - 11:44 AM

Hi

I have been asked in the Am I Infected? forum to post this log here. I am unable to run DDS.SCR or RSIT.EXE but the System Repair Engineer seems to have worked. Here's the log. I can post my original message as well if this will help.

2009-09-16,17:19:37

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows Component Publisher]
	<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
	<kdx><C:\Program Files\Kontiki\KHost.exe -all>  [(Verified)"Kontiki, Inc"]
	<G Powers><C:\Documents and Settings\G Powers\G Powers.exe>  []
	<Monopod><C:\DOCUME~1\GPOWER~1\LOCALS~1\Temp\a.exe>  [File is missing]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<SoundMAXPnP><C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe>  [Analog Devices, Inc.]
	<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray>  [Analog Devices, Inc.]
	<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
	<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
	<KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe>  [File is missing]
	<AVG8_TRAY><C:\PROGRA~1\AVG\AVG8\avgtray.exe>  [(Verified)AVG Technologies]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
	<WinlogonNotify: avgrsstarter><avgrsstx.dll>  [(Verified)AVG Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{E497BACD-9F23-4CDC-B3EE-963005CF088D}]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
	<IE Tour Reset Stub><C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
	<SCRNSAVE.EXE><C:\WINDOWS\system32\ssflwbox.scr>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
[ATI CATALYST System Tray]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk --> C:\PROGRA~1\ATITEC~1\ATI.ACE\CLI.exe [ATI Technologies Inc.]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[AVG Free8 WatchDog / avg8wd][Running/Auto Start]
  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><AVG Technologies CZ, s.r.o.>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
  <C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
[KService / KService][Running/Auto Start]
  <"C:\Program Files\Kontiki\KService.exe"><Kontiki Inc.>
[NBService / NBService][Stopped/Disabled]
  <C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>

==================================
Drivers
[General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start]
  <System32\Drivers\adildr.sys><N/A>
[USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start]
  <system32\DRIVERS\adiusbaw.sys><N/A>
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Free AVI Loader Driver x86 / AvgLdx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free8 Network Redirector / AvgTdiX][Running/System Start]
  <\SystemRoot\System32\Drivers\avgtdix.sys><AVG Technologies CZ, s.r.o.>
[Bonifay / Bonifay][Running/Manual Start]
  <System32\DRIVERS\Bonifay.sys><Freecom>
[Gonzales / Gonzales][Stopped/Manual Start]
  <System32\DRIVERS\Gonzales.sys><Freecom>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Stopped/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[jgameenp / jgameenp][Stopped/Manual Start]
  <\??\C:\DOCUME~1\GPOWER~1\LOCALS~1\Temp\jgameenp.sys><N/A>
[KMWDFilter / KMWDFilter][Running/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS><Windows (R) Codename Longhorn DDK provider>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[MidiSyn / MidiSyn][Stopped/Manual Start]
  <system32\drivers\MidiSyn.sys><Analog Devices, Inc.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Sensaura>
[SiS191/SiS190 Ethernet Device NDIS 5.1 Driver / SiSGbeXP][Running/Manual Start]
  <system32\DRIVERS\SiSGbeXP.sys><Silicon Integrated Systems Corp.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>

==================================
Browser Add-ons
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[SingleInstance Class]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[]
  {CCC7A320-B3CA-4199-B1A6-9F516DD69829} <, >
[YInstStarter Class]
  {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\WINDOWS\Downloaded Program Files\yinsthelper.dll, (Signed) Yahoo! Inc.>
[]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Java Plug-in 1.6.0_11]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[ScorchPlugin Class]
  {A8F2B9BD-A6A0-486A-9744-18920D898429} <C:\Program Files\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_11]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_11.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Outlook 8.0 Object Library]
  {0006F033-0000-0000-C000-000000000046} <, >
[Microsoft Office Outlook]
  {0006F03A-0000-0000-C000-000000000046} <, >
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, N/A>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0CCA191D-13A6-4E29-B746-314DEE697D83} <, >
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, (Signed) N/A>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[YInstStarter Class]
  {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\WINDOWS\Downloaded Program Files\yinsthelper.dll, (Signed) Yahoo! Inc.>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>
[]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <, >
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <, >
[MPOD.ClientCore.ComVisible.ComPropositionInstance]
  {542EE6DB-F879-474E-912E-13908B34D21F} <mscoree.dll, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[MPOD.ClientCore.ComVisible.ComInstalledDetectionObject]
  {55A8ACAD-305B-4C36-92EA-4A7601904982} <mscoree.dll, Microsoft Corporation>
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Java(tm) Plug-In SSV Helper]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_11]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[SpVoice Class]
  {96749377-3391-11D2-9EE3-00C04F797396} <C:\Program Files\Common Files\Microsoft Shared\Speech\sapi.dll, (Signed) Microsoft Corporation>
[]
  {A3BC75A2-1F87-4686-AA43-5347D756017C} <, >
[ScorchPlugin Class]
  {A8F2B9BD-A6A0-486A-9744-18920D898429} <C:\Program Files\Sibelius Software\Scorch\ActiveXPlugin\ScorchAxPlugin.dll, (Signed) >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[OWSClientMiscApis Class]
  {BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, (Signed) Microsoft Corporation>
[OWSBrowserUI Class]
  {BDEADE43-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\OFFICE11\OWSCLT.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[]
  {CCC7A320-B3CA-4199-B1A6-9F516DD69829} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <, >
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Secure Delivery]
  {D1C9B084-BF92-4555-B187-E7B9BCF1928E} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[]
  {D6A5A215-FBF3-45E5-ABF8-22FF50916184} <, >
[]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <, >
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} <, >
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\OFFICE11\NAME.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[]
  {F0D4B231-DA4B-4DAF-81E4-DFEE4931A4AA} <, >
[]
  {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} <, >
[JScript Language]
  {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} <C:\WINDOWS\system32\jscript.dll, (Signed) Microsoft Corporation>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[SingleInstance Class]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 604 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 672 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 700 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4121]
	[C:\WINDOWS\system32\avgrsstx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 756 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 924 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4121]
	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 940 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 1120 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 1160 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1216 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 1280 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\CNMLM92.DLL]  [CANON INC., 2.11.2.10]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD92.DLL]  [CANON INC., 2.11.2.10]
	[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI92.DLL]  [CANON INC., 2.11.2.10]
	[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR92.DLL]  [CANON INC., 2.11.2.10]
[PID: 1792 / G Powers][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4121]
	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 1908 / G Powers][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll]  [Sun Microsystems, Inc., 2.03]
	[C:\Program Files\OpenOffice.org 2.4\program\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll]  [STLport Consulting, Inc., 4.5.2003.0120]
	[C:\Program Files\OpenOffice.org 2.4\program\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.1.0.2009022700]
	[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll]  [Nero AG, 2, 9, 1, 0]
	[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL]  [WinZip Computing, Inc., 4.1 (32-bit)]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 2, 9, 1, 1]
	[C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\Program Files\AVG\AVG8\avgse.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 392 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 444 / SYSTEM][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple, Inc., 1, 14, 0, 0]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 468 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgwd.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgamnot.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgsched.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 556 / SYSTEM][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 668 / SYSTEM][C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe]  [UASSOFT.COM, 1, 0, 6, 0]
[PID: 108 / SYSTEM][C:\Program Files\Kontiki\KService.exe]  [Kontiki Inc., 5.12.707.160]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 1112 / SYSTEM][C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe]  [Analog Devices, Inc., 3, 2, 6, 0]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1992 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgrsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.408]
	[C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 136 / G Powers][C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe]  [Analog Devices, Inc., 5, 0, 2, 2]
	[C:\Program Files\Analog Devices\SoundMAX\SMWDMIF.dll]  [Analog Devices, Inc., 5, 0, 3, 001]
[PID: 184 / G Powers][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe]  [Analog Devices, Inc., 5, 0, 2, 6]
[PID: 272 / G Powers][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.4279]
[PID: 304 / G Powers][C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe]  [UASSOFT.COM, 1.0.0.1]
[PID: 960 / G Powers][C:\PROGRA~1\AVG\AVG8\avgtray.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.408]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\AVGUIRES.DLL]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 1696 / G Powers][C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe]  [UASSOFT.COM, 3, 0, 0, 1]
[PID: 1812 / G Powers][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 2096 / G Powers][C:\Program Files\Kontiki\KHost.exe]  [Kontiki Inc., 5.12.707.160]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 2168 / G Powers][C:\Documents and Settings\G Powers\G Powers.exe]  [N/A, ]
[PID: 2420 / G Powers][C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe]  [ATI Technologies Inc., 1.11.0.0]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b0cc18f3\mscorlib.dll]  [N/A, ]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d18f9c0e\system.windows.forms.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.implementation.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cd2609bb\system.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5b63dd2\system.xml.dll]  [N/A, ]
	[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.component.systemtray.dll]  [ATI Technologies Inc., 1.2.2084.50]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2028.21076]
	[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\apm.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29959]
	[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35b0602e\system.drawing.dll]  [N/A, ]
	[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2407]
[PID: 3424 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 3496 / G Powers][C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe]  [UASSOFT.COM, 4.0.0.1]
	[C:\Program Files\Trust\Trust R-Series Mouse\keydll.dll]  [N/A, ]
	[C:\Program Files\Trust\Trust R-Series Mouse\MouseHook.dll]  [N/A, ]
[PID: 3960 / G Powers][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe]  [ATI Technologies Inc., 1.11.0.0]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b0cc18f3\mscorlib.dll]  [N/A, ]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d18f9c0e\system.windows.forms.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.implementation.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cd2609bb\system.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5b63dd2\system.xml.dll]  [N/A, ]
	[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35b0602e\system.drawing.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.68]
	[c:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2028.21076]
	[c:\program files\ati technologies\ati.ace\dem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demosinfo.dll]  [ATI Technologies Inc., 1.2.2026.29947]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demosadapterinfo.dll]  [ATI Technologies Inc., 1.2.2026.29960]
	[c:\program files\ati technologies\ati.ace\dem.graphics.dematiadapterinfo.dll]  [ATI Technologies Inc., 1.2.2026.29953]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdriversettings.dll]  [ATI Technologies Inc., 1.2.2026.29947]
	[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\program files\ati technologies\ati.ace\atidemgr.dll]  [ATI Technologies Inc., 1.2.2083.43054]
	[c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demosmodeinfo.dll]  [ATI Technologies Inc., 1.2.2026.29950]
	[c:\program files\ati technologies\ati.ace\dem.graphics.dematidisplaysmanagersettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demverylargedesktopsettings.dll]  [ATI Technologies Inc., 1.2.2026.30965]
	[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43149]
	[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2082.25148]
	[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43111]
	[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2040.18973]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43172]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43167]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2042.16922]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43124]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplayscoloursettings.dll]  [ATI Technologies Inc., 1.2.2026.29948]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.13]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29947]
	[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43191]
	[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29962]
	[c:\program files\ati technologies\ati.ace\dem.graphics.mmdeintlacingsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
	[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43159]
	[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.shared.dll]  [ATI Technologies Inc., 1.2.2026.29952]
	[c:\program files\ati technologies\ati.ace\dem.graphics.videooverlay.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43163]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demsmartgartsettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43155]
	[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43152]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.40]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43133]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.28]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43124]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.35]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19041]
	[c:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43136]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19045]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.22]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.17]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetvsettings.dll]  [ATI Technologies Inc., 1.2.2026.29961]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.31]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43128]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43180]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43188]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrivesettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43176]
	[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\dem.graphics.dempowerplaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.4]
	[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43196]
	[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2084.0]
	[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
	[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll]  [ATI Technologies Inc., 1.2.2083.43141]
	[c:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2036.20028]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demmultivpusettings.dll]  [ATI Technologies Inc., 1.2.2032.14723]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2049.17711]
	[c:\program files\ati technologies\ati.ace\dem.graphics.mmoverlaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demvideotheatermodesettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demvideooverlaysettings.dll]  [ATI Technologies Inc., 1.2.2026.29950]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demvpurecoverinfo.dll]  [ATI Technologies Inc., 1.2.2026.29968]
	[c:\program files\ati technologies\ati.ace\dem.graphics.workstationsettings.dll]  [ATI Technologies Inc., 1.2.2026.29960]
	[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecrtsettings.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommonsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29960]
	[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecommon2settings.dll]  [ATI Technologies Inc., 1.2.2026.29947]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicelcdsettings.dll]  [ATI Technologies Inc., 1.2.2026.29967]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicecomponentvideosettings.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicetv2settings.dll]  [ATI Technologies Inc., 1.2.2026.29961]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfpsettings.dll]  [ATI Technologies Inc., 1.2.2026.29968]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdevicedfp2settings.dll]  [ATI Technologies Inc., 1.2.2026.29948]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demoverdrive3settings.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demdisplaysmanageroptionssettings.dll]  [ATI Technologies Inc., 1.2.2026.29952]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29961]
	[c:\program files\ati technologies\ati.ace\dem.graphics.demumaframebuffersettings.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\apm.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29959]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2407]
[PID: 2540 / G Powers][C:\Program Files\ATI Technologies\ATI.ACE\cli.exe]  [ATI Technologies Inc., 1.11.0.0]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b0cc18f3\mscorlib.dll]  [N/A, ]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSCORJIT.DLL]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_d18f9c0e\system.windows.forms.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.implementation.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\log.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\cli.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\log.foundation.service.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\program files\ati technologies\ati.ace\log.foundation.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_cd2609bb\system.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll]  [ATI Technologies Inc., 1.2.2084.74]
	[c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_b5b63dd2\system.xml.dll]  [N/A, ]
	[c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.component.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.76]
	[c:\program files\ati technologies\ati.ace\cli.foundation.clients.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\cli.component.dashboard.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\program files\ati technologies\ati.ace\cli.component.runtime.dll]  [ATI Technologies Inc., 1.2.2084.75]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2028.21076]
	[c:\program files\ati technologies\ati.ace\dem.graphics.displaysmanager.shared.dll]  [ATI Technologies Inc., 1.2.2026.29945]
	[c:\program files\ati technologies\ati.ace\aem.foundation.dll]  [ATI Technologies Inc., 1.2.2026.29944]
	[c:\program files\ati technologies\ati.ace\cli.caste.local.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.79]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.71]
	[c:\program files\ati technologies\ati.ace\cli.caste.graphics.dashboard.shared.dll]  [ATI Technologies Inc., 1.2.2028.21079]
	[c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_35b0602e\system.drawing.dll]  [N/A, ]
	[c:\program files\ati technologies\ati.ace\cli.aspect.welcome.local.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43149]
	[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.1]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displaysmanager.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.10]
	[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43107]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.5]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.40]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43133]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.28]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43125]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.36]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43137]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.24]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.19]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.32]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43129]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43173]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43168]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43121]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2084.14]
	[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43193]
	[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43160]
	[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43177]
	[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43164]
	[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43156]
	[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43152]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43184]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43188]
	[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43197]
	[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.dashboard.dll]  [ATI Technologies Inc., 1.2.2083.43142]
	[c:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
	[c:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2040.18973]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29961]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29960]
	[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29950]
	[c:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29946]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19041]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2033.19045]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2036.27417]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29970]
	[c:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2049.17711]
	[c:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2042.16922]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29953]
	[c:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29947]
	[c:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29962]
	[c:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29951]
	[c:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29948]
	[c:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29949]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29969]
	[c:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29952]
	[c:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2026.29950]
	[c:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll]  [ATI Technologies Inc., 1.2.2082.25148]
	[c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2407]
	[c:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\perfcounter.dll]  [Microsoft Corporation, 1.1.4322.2032]
	[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2407]
[PID: 1904 / SYSTEM][C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe]  [Microsoft Corporation, 2.0.50727.3053 (netfxsp.050727-3000)]
[PID: 3200 / SYSTEM][C:\PROGRA~1\AVG\AVG8\avgnsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[C:\PROGRA~1\AVG\AVG8\avgxpl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglvex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 4688 / G Powers][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
[PID: 3732 / G Powers][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
	[C:\Program Files\AVG\AVG8\avgssie.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.405]
	[C:\Program Files\AVG\AVG8\avgapix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgxpl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglvex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Java\jre6\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Java\jre6\bin\jp2ssv.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx]  [Adobe Systems, Inc., 10,0,32,18]
[PID: 5688 / G Powers][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
	[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll]  [Adobe Systems Incorporated, 9.1.0.2009022700]
	[C:\Program Files\AVG\AVG8\avgssie.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.405]
	[C:\Program Files\AVG\AVG8\avgapix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgxpl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglvex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Java\jre6\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\Program Files\Java\jre6\bin\jp2ssv.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll]  [Sun Microsystems, Inc., 6.0.110.3]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]
	[C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx]  [Adobe Systems, Inc., 10,0,32,18]
[PID: 160 / G Powers][C:\Documents and Settings\G Powers\Desktop\SREng\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 4220 / G Powers][C:\Documents and Settings\G Powers\Desktop\SREng\SRE97d7d8e7.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Documents and Settings\G Powers\Desktop\SREng\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[\\?\globalroot\Device\__max++>\7B9F3F08.x86.dll]  [N/A, ]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 444, C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 668, C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE\KMWDSRV.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1112, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 136, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4PNP.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 184, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 304, C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE\STARTAUTORUN.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1696, C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE\KMCONFIG.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2168, C:\DOCUMENTS AND SETTINGS\G POWERS\G POWERS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2420, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3496, C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE\KMPROCESS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3960, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2540, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 160, C:\DOCUMENTS AND SETTINGS\G POWERS\DESKTOP\SRENG\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] {BB65B0FB-5712-401b-B616-E69AC55E2757}.job
		C:\DOCUME~1\GPOWER~1\LOCALS~1\Temp\a.exe 
[Enabled] {7B02EF0B-A410-4938-8480-9BA26420A627}.job
		C:\WINDOWS\msb.exe 
[Enabled] User_Feed_Synchronization-{9C97359F-2CA1-4E62-9304-6FC0DDBB32E5}.job
		C:\WINDOWS\system32\msfeedssync.exe 

==================================
Windows Security Update Check
KB940157,  Windows Search 4.0 for Windows XP (KB940157) 
KB940157,  Windows Live Essentials 
KB931125,  Update for Root Certificates [May 2009] (KB931125) 
KB951847,  Microsoft .NET Framework 3.5 Service Pack 1 and .NET Framework 3.5 Family Update for .NET versions 2.0 through 3.5 (KB951847) x86 
KB951847,  Office Live add-in 1.4 
KB968389,  Update for Windows XP (KB968389) 
KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB973874) 
KB956844,  Security Update for Windows XP (KB956844) MS09-046
KB890830,  Windows Malicious Software Removal Tool - September 2009 (KB890830) 
KB971961,  Security Update for Jscript 5.8 for Windows XP (KB971961) MS09-045

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




#2 Buckeye_Sam

Malware Expert

Posted 17 September 2009 - 06:06 PM

Hello! :(
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.



Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 grahamp

Topic Starter

Posted 18 September 2009 - 01:21 AM

Hi Sam

Thanks for getting back to me, I hope you can help me to solve this problem.

I tried to disable AVG by right clicking in the System Tray and Exit but when I ran Combofix it came up that it was still running and could damage my PC. I tried to uninstall AVG but it failed with this error message:

Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

I couldn't get the Dialog box to show the whole message I'm afraid. What would you like me to do?

Sorry about this but this additional problem seems to have got a hold of all my security features!!

Graham

#4 Buckeye_Sam

Malware Expert

Posted 18 September 2009 - 07:20 AM

Here's the process to disable AVG.
Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.
  • Click on Tools.
  • Select Advanced.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.
Once you've done that, proceed with Combofix, even if it tells you AVG is still running.

#5 grahamp

Topic Starter

Posted 18 September 2009 - 07:55 AM

Hi Sam

Unfortunately I'm in work at present - only 3 hours to go!!! I will do it as soon as I get home. Many thanks for your continued help (and patience)

Graham

#6 grahamp

Topic Starter

Posted 18 September 2009 - 01:53 PM

Hi Sam

Thanks for being patient. I've attached the C:\Combofix.txt file as requested. The process also created a file called log.txt which looks exactly the same. I've saved it, though, just in case you need it later.

Graham

ComboFix 09-09-17.04 - G Powers 18/09/2009 19:28.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.458 [GMT 1:00]
Running from: c:\documents and settings\G Powers\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\G Powers\autorun.inf
c:\documents and settings\G Powers\G Powers.exe
c:\windows\Installer\11ad99c.msp
c:\windows\Installer\11ad99d.msp
c:\windows\Installer\11ad99e.msp
c:\windows\Installer\11ad99f.msp
c:\windows\Installer\11ad9a0.msp
c:\windows\Installer\11ad9a1.msp
c:\windows\Installer\11ad9a2.msp
c:\windows\Installer\11ad9a3.msp
c:\windows\Installer\11ad9a4.msp
c:\windows\Installer\11ad9a5.msp
c:\windows\Installer\11fb3813.msp
c:\windows\Installer\11fb3814.msp
c:\windows\Installer\11fb3815.msp
c:\windows\Installer\11fb3816.msp
c:\windows\Installer\11fb3817.msp
c:\windows\Installer\11fb3818.msp
c:\windows\Installer\11fb3819.msp
c:\windows\Installer\11fb381a.msp
c:\windows\Installer\11fb381b.msp
c:\windows\Installer\11fb381c.msp
c:\windows\Installer\12b1b24f.msp
c:\windows\Installer\12b1b250.msp
c:\windows\Installer\12b1b251.msp
c:\windows\Installer\12b1b252.msp
c:\windows\Installer\12b1b253.msp
c:\windows\Installer\12b1b254.msp
c:\windows\Installer\12b1b255.msp
c:\windows\Installer\12b1b256.msp
c:\windows\Installer\12b1b257.msp
c:\windows\Installer\12b1b258.msp
c:\windows\Installer\14da805.msp
c:\windows\Installer\14da806.msp
c:\windows\Installer\14da807.msp
c:\windows\Installer\14da808.msp
c:\windows\Installer\14da809.msp
c:\windows\Installer\14da80a.msp
c:\windows\Installer\14da80b.msp
c:\windows\Installer\14da80c.msp
c:\windows\Installer\14da80d.msp
c:\windows\Installer\14da80e.msp
c:\windows\Installer\189074.msp
c:\windows\Installer\189075.msp
c:\windows\Installer\189076.msp
c:\windows\Installer\189077.msp
c:\windows\Installer\189078.msp
c:\windows\Installer\189079.msp
c:\windows\Installer\18907a.msp
c:\windows\Installer\18907b.msp
c:\windows\Installer\18907c.msp
c:\windows\Installer\18907d.msp
c:\windows\Installer\1d8cb77.msp
c:\windows\Installer\1d8cb78.msp
c:\windows\Installer\1d8cb79.msp
c:\windows\Installer\1d8cb7a.msp
c:\windows\Installer\1d8cb7b.msp
c:\windows\Installer\1d8cb7c.msp
c:\windows\Installer\1d8cb7d.msp
c:\windows\Installer\1d8cb7e.msp
c:\windows\Installer\1d8cb7f.msp
c:\windows\Installer\1d8cb80.msp
c:\windows\Installer\215777d6.msp
c:\windows\Installer\215777d7.msp
c:\windows\Installer\215777d8.msp
c:\windows\Installer\215777d9.msp
c:\windows\Installer\215777da.msp
c:\windows\Installer\215777db.msp
c:\windows\Installer\215777dc.msp
c:\windows\Installer\215777dd.msp
c:\windows\Installer\215777de.msp
c:\windows\Installer\215777df.msp
c:\windows\Installer\217b9.msi
c:\windows\Installer\22747d4a.msp
c:\windows\Installer\22747d4b.msp
c:\windows\Installer\22747d4c.msp
c:\windows\Installer\22747d4d.msp
c:\windows\Installer\22747d4e.msp
c:\windows\Installer\22747d4f.msp
c:\windows\Installer\22747d50.msp
c:\windows\Installer\22747d51.msp
c:\windows\Installer\22747d52.msp
c:\windows\Installer\22747d53.msp
c:\windows\Installer\26ffaa6.msp
c:\windows\Installer\26ffaa7.msp
c:\windows\Installer\26ffaa8.msp
c:\windows\Installer\26ffaa9.msp
c:\windows\Installer\26ffaaa.msp
c:\windows\Installer\26ffaab.msp
c:\windows\Installer\26ffaac.msp
c:\windows\Installer\26ffaad.msp
c:\windows\Installer\26ffaae.msp
c:\windows\Installer\26ffaaf.msp
c:\windows\Installer\3d38311.msp
c:\windows\Installer\3d38312.msp
c:\windows\Installer\3d38313.msp
c:\windows\Installer\3d38314.msp
c:\windows\Installer\3d38315.msp
c:\windows\Installer\3d38316.msp
c:\windows\Installer\3d38317.msp
c:\windows\Installer\3d38318.msp
c:\windows\Installer\3d38319.msp
c:\windows\Installer\3d3831a.msp
c:\windows\Installer\402b6ee.msp
c:\windows\Installer\402b6ef.msp
c:\windows\Installer\402b6f0.msp
c:\windows\Installer\402b6f1.msp
c:\windows\Installer\402b6f2.msp
c:\windows\Installer\402b6f3.msp
c:\windows\Installer\402b6f4.msp
c:\windows\Installer\402b6f5.msp
c:\windows\Installer\402b6f6.msp
c:\windows\Installer\402b6f7.msp
c:\windows\Installer\5ae854d.msp
c:\windows\Installer\5ae854e.msp
c:\windows\Installer\5ae854f.msp
c:\windows\Installer\5ae8550.msp
c:\windows\Installer\5ae8551.msp
c:\windows\Installer\5ae8552.msp
c:\windows\Installer\5ae8553.msp
c:\windows\Installer\5ae8554.msp
c:\windows\Installer\5ae8555.msp
c:\windows\Installer\5ae8556.msp
c:\windows\Installer\615654d.msp
c:\windows\Installer\615654e.msp
c:\windows\Installer\615654f.msp
c:\windows\Installer\6156550.msp
c:\windows\Installer\6156551.msp
c:\windows\Installer\6156552.msp
c:\windows\Installer\6156553.msp
c:\windows\Installer\6156554.msp
c:\windows\Installer\6156555.msp
c:\windows\Installer\6156556.msp
c:\windows\Installer\640f5c4.msp
c:\windows\Installer\640f5c5.msp
c:\windows\Installer\640f5c6.msp
c:\windows\Installer\640f5c7.msp
c:\windows\Installer\640f5c8.msp
c:\windows\Installer\640f5c9.msp
c:\windows\Installer\640f5ca.msp
c:\windows\Installer\640f5cb.msp
c:\windows\Installer\640f5cc.msp
c:\windows\Installer\640f5cd.msp
c:\windows\Installer\69fc5.msi
c:\windows\Installer\7983171.msp
c:\windows\Installer\7983172.msp
c:\windows\Installer\7983173.msp
c:\windows\Installer\7983174.msp
c:\windows\Installer\7983175.msp
c:\windows\Installer\7983176.msp
c:\windows\Installer\7983177.msp
c:\windows\Installer\7983178.msp
c:\windows\Installer\7983179.msp
c:\windows\Installer\798317a.msp
c:\windows\Installer\90bf2c1.msp
c:\windows\Installer\90bf2c2.msp
c:\windows\Installer\90bf2c3.msp
c:\windows\Installer\90bf2c4.msp
c:\windows\Installer\90bf2c5.msp
c:\windows\Installer\90bf2c6.msp
c:\windows\Installer\90bf2c7.msp
c:\windows\Installer\90bf2c8.msp
c:\windows\Installer\90bf2c9.msp
c:\windows\Installer\90bf2ca.msp
c:\windows\Installer\92925f8.msi
c:\windows\Installer\92925f9.msp
c:\windows\Installer\92925fa.msp
c:\windows\Installer\92925fb.msp
c:\windows\Installer\92925fc.msp
c:\windows\Installer\92925fd.msp
c:\windows\Installer\92925fe.msp
c:\windows\Installer\92925ff.msp
c:\windows\Installer\9292600.msp
c:\windows\Installer\9292601.msp
c:\windows\Installer\9292602.msp
c:\windows\Installer\94717e.msi
c:\windows\Installer\a83bd83.msp
c:\windows\Installer\a83bd84.msp
c:\windows\Installer\a83bd85.msp
c:\windows\Installer\a83bd86.msp
c:\windows\Installer\a83bd87.msp
c:\windows\Installer\a83bd88.msp
c:\windows\Installer\a83bd89.msp
c:\windows\Installer\a83bd8a.msp
c:\windows\Installer\a83bd8b.msp
c:\windows\Installer\a83bd8c.msp
c:\windows\Installer\b677ad8.msp
c:\windows\Installer\b677ad9.msp
c:\windows\Installer\b677ada.msp
c:\windows\Installer\b677adb.msp
c:\windows\Installer\b677adc.msp
c:\windows\Installer\b677add.msp
c:\windows\Installer\b677ade.msp
c:\windows\Installer\b677adf.msp
c:\windows\Installer\b677ae0.msp
c:\windows\Installer\b677ae1.msp
c:\windows\Installer\cbdf8d2.msp
c:\windows\Installer\cbdf8d3.msp
c:\windows\Installer\cbdf8d4.msp
c:\windows\Installer\cbdf8d5.msp
c:\windows\Installer\cbdf8d6.msp
c:\windows\Installer\cbdf8d7.msp
c:\windows\Installer\cbdf8d8.msp
c:\windows\Installer\cbdf8d9.msp
c:\windows\Installer\cbdf8da.msp
c:\windows\Installer\cbdf8db.msp
c:\windows\Installer\d8b963.msp
c:\windows\Installer\d8b964.msp
c:\windows\Installer\d8b965.msp
c:\windows\Installer\d8b966.msp
c:\windows\Installer\d8b967.msp
c:\windows\Installer\d8b968.msp
c:\windows\Installer\d8b969.msp
c:\windows\Installer\d8b96a.msp
c:\windows\Installer\d8b96b.msp
c:\windows\Installer\d8b96c.msp
c:\windows\Installer\ddf04.msi
c:\windows\Installer\ddf05.msp
c:\windows\Installer\ddf06.msp
c:\windows\Installer\ddf07.msp
c:\windows\Installer\ddf08.msp
c:\windows\Installer\ddf09.msp
c:\windows\Installer\ddf0a.msp
c:\windows\Installer\ddf0b.msp
c:\windows\Installer\ddf0c.msp
c:\windows\Installer\ddf0d.msp
c:\windows\Installer\ddf0e.msp
c:\windows\Installer\df4a6.msi
c:\windows\Installer\ee5a6f.msp
c:\windows\Installer\ee5a70.msp
c:\windows\Installer\ee5a71.msp
c:\windows\Installer\ee5a72.msp
c:\windows\Installer\ee5a73.msp
c:\windows\Installer\ee5a74.msp
c:\windows\Installer\ee5a75.msp
c:\windows\Installer\ee5a76.msp
c:\windows\Installer\ee5a77.msp
c:\windows\Installer\ee5a78.msp
c:\windows\msa.exe
c:\windows\system32\spdwnwxp.exe
c:\windows\system32\x517_256.dll

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

-- Previous Run --

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll

--------

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.

2009-09-16 06:00 . 2009-09-16 06:00 -------- d-----w- c:\program files\trend micro
2009-09-16 06:00 . 2009-09-16 06:00 -------- d-----w- C:\rsit
2009-09-15 15:53 . 2009-09-15 15:53 -------- d-----w- c:\documents and settings\G Powers\Application Data\TrojanHunter
2009-09-15 15:51 . 2009-09-15 20:31 -------- d-----w- c:\program files\TrojanHunter 5.2
2009-09-15 15:28 . 2009-09-15 16:03 -------- d-----w- c:\windows\system32\ZoneLabs
2009-09-15 15:28 . 2009-09-15 15:28 -------- d-----w- c:\program files\Zone Labs
2009-09-14 22:26 . 2009-09-14 22:26 -------- d-----w- C:\$AVG8.VAULT$
2009-09-14 22:11 . 2009-09-14 22:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-14 22:11 . 2009-09-14 22:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-14 22:10 . 2009-09-14 22:10 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-14 22:10 . 2009-09-14 22:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-14 22:10 . 2009-09-17 16:38 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-14 22:10 . 2009-09-18 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-14 22:06 . 2009-09-14 22:06 -------- d-----w- c:\documents and settings\G Powers\Application Data\AVG8
2009-09-08 02:00 . 2009-09-08 02:00 -------- d-----w- C:\72e6d16f39b5f1e21aa490
2009-09-08 02:00 . 2009-09-08 02:00 -------- d-----w- C:\85a9ba641fafb8d45a48b0c5e04c
2009-09-07 02:00 . 2009-09-07 02:00 -------- d-----w- C:\53e02a312e118cd4ee70d732
2009-09-07 02:00 . 2009-09-07 18:00 -------- d-----w- C:\41f5d2b6669a7f38bc71
2009-09-06 02:00 . 2009-09-06 02:00 -------- d-----w- C:\21d8e51d53bc26061aa7
2009-09-06 02:00 . 2009-09-06 18:00 -------- d-----w- C:\4b4bdc369619a76bf4f3e83a
2009-08-22 02:02 . 2009-08-22 02:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 18:36 . 2008-01-18 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2009-09-18 06:04 . 2007-11-12 18:19 61224 ----a-w- c:\documents and settings\G Powers\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 15:55 . 2009-02-22 10:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-15 15:55 . 2009-02-22 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-15 15:28 . 2008-02-13 09:25 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-09-09 21:37 . 2009-04-22 08:31 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-08 14:37 . 2009-08-08 14:37 -------- d-----w- c:\program files\Trust
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:35 . 2009-08-04 20:35 0 ----atw- c:\windows\004326_.tmp
2009-08-01 11:18 . 2009-07-20 22:44 -------- d-----w- c:\program files\Microsoft Works
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2008-12-03 14:03 . 2009-02-19 09:39 151552 ----a-w- c:\program files\JavaRa.exe
2008-08-15 17:25 . 2009-02-19 09:39 244338 ----a-w- c:\program files\JavaRa.def
2008-06-19 16:29 . 2009-02-19 09:39 17987 ----a-w- c:\program files\gpl-2.0.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-18 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"KMCONFIG"="c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe" [2007-03-06 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-14 2007832]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-8-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-14 22:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [14/09/2009 23:10 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [14/09/2009 23:11 108552]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-Series Mouse\KMWDSrv.exe [09/06/2007 00:23 208896]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [04/02/2008 19:52 12160]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe --> c:\progra~1\AVG\AVG8\avgwdsvc.exe [?]
S3 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [04/02/2008 19:52 7040]
S3 jgameenp;jgameenp;\??\c:\docume~1\GPOWER~1\LOCALS~1\Temp\jgameenp.sys --> c:\docume~1\GPOWER~1\LOCALS~1\Temp\jgameenp.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder

2009-09-18 c:\windows\Tasks\User_Feed_Synchronization-{9C97359F-2CA1-4E62-9304-6FC0DDBB32E5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.yahoo.com/?fr=fp-yie8
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-HijackThis - c:\documents and settings\G Powers\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 19:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3608)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Trust\Trust R-Series Mouse\KMCONFIG.exe
c:\program files\Trust\Trust R-Series Mouse\KMProcess.exe
.
**************************************************************************
.
Completion time: 2009-09-18 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-18 18:39

Pre-Run: 211,545,903,104 bytes free
Post-Run: 211,756,515,328 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

417 --- E O F --- 2009-09-18 02:01



Edited by Buckeye_Sam, 19 September 2009 - 03:59 PM.


#7 Buckeye_Sam


    Malware Expert


Posted 19 September 2009 - 04:06 PM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

File::
c:\windows\004326_.tmp

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.

Posted Image

This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.


======================


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
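A small triage helper for the CFScript step above, added here as an example and not part of the original thread or of ComboFix: it reads the LOCKED REGISTRY KEYS section of a ComboFix log and lists the keys that carry an @Denied entry, which for this log are the two keys named under RegLock:: in the script. The sample text is an abridged copy of the log posted above, and the function names are assumptions.

```python
import re

# Constructed sample: abridged copy of the "LOCKED REGISTRY KEYS" section of the log above.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
c:\windows\system32\Ati2evxx.dll
"""

SECTION_RE = re.compile(r"^-{5,}\s*(.+?)\s*-{5,}\s*$")   # "----- TITLE -----" banners
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")            # "[HKEY_...]" key lines
DENIED_RE = re.compile(r"^@Denied:\s*\((.+?)\)\s*\((.+?)\)\s*$")

def locked_keys(log_text):
    """Parse the locked-keys section into dicts: key, denied [(flags, trustee)], values."""
    in_section, entries, current = False, [], None
    for line in log_text.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).upper() == "LOCKED REGISTRY KEYS"
            current = None          # a new section never continues the previous key
            continue
        if not in_section or not line or line == ".":
            continue
        key = KEY_RE.match(line)
        if key:
            current = {"key": key.group(1), "denied": [], "values": []}
            entries.append(current)
        elif current is not None:
            denied = DENIED_RE.match(line)
            if denied:
                current["denied"].append(denied.groups())
            else:
                current["values"].append(line)
    return entries

def keys_with_deny_entries(log_text):
    """Keys whose own entry shows an @Denied line; subkeys without one are skipped."""
    return [e["key"] for e in locked_keys(log_text) if e["denied"]]
```

The output is a review list only; whether a listed key belongs in a script is still the helper's judgement call on the full log.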

#8 grahamp


Posted 19 September 2009 - 05:05 PM

Hi Sam

Thanks for getting back to me. I've done what you have asked. Malwarebytes Anti-malware found nothing but I've attached the log anyway as well as the Combofix.txt log.

I will reboot now and await your response

Thanks again for your time and help
Graham




#9 Buckeye_Sam


Posted 19 September 2009 - 05:16 PM

Your log looks pretty good to me. How is your computer behaving now? Any problems?

#10 grahamp


Posted 19 September 2009 - 05:32 PM

Hi Sam

Seems fine now. One of the main problems was AVG was running once then I couldn't run it again unless I disabled processes, uninstalled and reinstalled - which isn't right!! I will need to test this out (and some other security programs that wouldn't work before your kind assistance). This will take a couple of hours I'm afraid. However, I'm hoping that my next post will be a big thank you post. I hope you will check back for that.

Thanks very much
Graham

#11 grahamp


Posted 20 September 2009 - 07:11 AM

Hi Sam

Apologies for the delay in getting back to you. Everything is working really well now. Before this problem I had AVG Free, Malwarebytes Anti-malware, Ad-Aware and Spybot running. All of these are working fine again now. Is there anything else you would recommend I have installed on my PC?

Once again, Many many thanks for your patience, time and efforts in helping me solve my problem

Take care
Graham

#12 Buckeye_Sam


Posted 20 September 2009 - 11:11 AM

That's a pretty good mix of protective programs. The only other program that I would recommend for you is Spywareblaster.
Here are some final steps and then some additional recommendations for you.


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK




==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - You should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:( :(

#13 grahamp


Posted 20 September 2009 - 12:05 PM

Hi Sam

Combofix uninstalled. I will download and install Spywareblaster as you suggest. I do keep all my security programs up-to-date which shows that some stuff still gets through and you have to be on your guard at all times

Thank you very very much for your help and advice. I initially thought that I would need to reformat and reinstall everything but thanks to you that is not necessary.

Take care and I will definitely be recommending Bleepingcomputer.com to family, friends and colleagues as a fast, friendly and authoritative website for solving PC problems. Good on you and the rest of the team

Graham

#14 Buckeye_Sam


Posted 21 September 2009 - 04:24 PM

I'm glad I could help you out! :(

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.



