blue stop screen



#1
zhuya


    New Member

  • Member
  • 4 posts
My PC keeps freezing and shutting down at random times, giving me the blue error screen. Sometimes it doesn't happen for days, and sometimes it happens a couple of times in one day. I know it could be a problem with hardware, but I thought I'd give it a try here if it's some virus or similar problem, before I turn it in for repair. Btw, the error message says Stop: 0x0000009c (0x00000004, 0x8054D5F0, 0xB2000000, 0x00070F0F)


#2
zhuya


    New Member

  • Topic Starter
  • Member
  • 4 posts
Any kind of help would be really appreciated.

#3
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello zhuya,

Welcome to the malware forum.

Have you been to the self help section?

You need to go there before you come here.

If you read the thread there you will see step by step instructions to help fix your computer.

After that if your machine still has problems come back and post the necessary logs.

Or, if your machine can't run the tools there come back and tell me.

The link below will take you there.

http://www.geekstogo...-Log-t2852.html

Regards
emeraldnzl

#4
zhuya


    New Member

  • Topic Starter
  • Member
  • 4 posts
Hello emeraldnzl, and thank you for your help!

I've been through all the steps in the self help section (sorry for not doing that in the first place), and since I've still had problems with the machine, here are the logs:

OTL logfile created on: 2010-05-03 17:14:12 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041A | Country: Croatia | Language: HRV | Date Format: yyyy-MM-dd

510.00 Mb Total Physical Memory | 227.00 Mb Available Physical Memory | 45.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 765 1500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24.41 Gb Total Space | 4.65 Gb Free Space | 19.05% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 9.77 Gb Total Space | 1.75 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive F: | 24.57 Gb Total Space | 23.30 Gb Free Space | 94.81% Space Free | Partition Type: NTFS
Drive G: | 2.93 Gb Total Space | 2.19 Gb Free Space | 74.69% Space Free | Partition Type: NTFS
Drive H: | 97.65 Gb Total Space | 34.75 Gb Free Space | 35.58% Space Free | Partition Type: NTFS
Drive I: | 4.88 Gb Total Space | 2.42 Gb Free Space | 49.62% Space Free | Partition Type: NTFS

Computer Name: COMPUTER
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-05-03 17:09:32 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010-03-02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010-01-14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008-11-01 02:51:27 | 000,002,560 | ---- | M] () -- C:\WINDOWS\Runservice.exe
PRC - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () -- E:\CDBurnerXP\NMSAccessU.exe
PRC - [2007-06-13 12:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007-04-10 14:01:18 | 000,336,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2006-03-23 00:13:46 | 001,591,808 | ---- | M] (YourWare Solutions ™) -- H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2004-10-05 18:05:34 | 000,126,976 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2004-10-05 18:04:24 | 000,110,653 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2004-10-05 18:03:50 | 000,053,313 | ---- | M] () -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004-08-10 06:04:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2010-05-03 17:09:32 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
MOD - [2009-04-14 18:03:34 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- h:\SECURITY\Agnitum\Outpost Firewall\wl_hook.dll
MOD - [2006-08-25 17:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004-08-03 22:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010-04-01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- H:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010-02-24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- H:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009-05-19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009-04-14 18:03:30 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- H:\SECURITY\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2009-02-02 21:33:28 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008-11-01 02:51:27 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\WINDOWS\Runservice.exe -- (LicCtrlService)
SRV - [2008-10-20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2004-10-05 18:05:34 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe -- (app_filter)
SRV - [2004-10-05 18:04:24 | 000,110,653 | ---- | M] () [Auto | Running] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2004-10-05 18:03:50 | 000,053,313 | ---- | M] () [Auto | Running] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004-08-10 06:04:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2010-04-27 17:30:10 | 000,061,440 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010-02-17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- H:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009-09-23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-05-11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- H:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009-05-11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009-04-06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009-02-18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009-02-10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2009-01-26 12:30:59 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008-12-28 05:58:05 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008-12-27 02:22:52 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008-12-27 02:22:51 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008-01-23 10:19:44 | 000,501,560 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV11.sys -- (acedrv11)
DRV - [2006-09-24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006-07-01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005-11-02 16:47:26 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005-03-04 12:25:16 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2005-02-24 17:04:58 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005-02-24 17:04:56 | 000,033,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005-02-11 18:11:32 | 000,016,640 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvcchflt.sys -- (nvcchflt)
DRV - [2005-02-11 18:11:02 | 000,089,856 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005-01-26 11:47:34 | 000,414,336 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005-01-26 11:44:08 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004-12-22 11:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004-08-03 22:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51) T-Com MAXadsl modem (USB, NDIS)
DRV - [2002-10-03 00:09:08 | 000,031,504 | ---- | M] (Robert Schlabbach) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RMSPPPOE.SYS -- (RMSPPPOE) WAN Miniport (PPP over Ethernet Protocol)
DRV - [2002-07-17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.hr/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local



O1 HOSTS File: ([2010-05-02 20:07:13 | 000,392,421 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 13578 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O2 - BHO: (no name) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] H:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostFeedBack] H:\SECURITY\Agnitum\Outpost Firewall\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] H:\SECURITY\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [FreeRAM XP] H:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll ()
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.syste...ri_4.1.71.0.cab (Reg Error: Key error.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1272566915718 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-01.su...ows-i586-jc.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (h:\security\agnitum\outpos~1\wl_hook.dll) - h:\SECURITY\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - AppInit_DLLs: (c:\windows\system32\avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008-05-16 08:05:11 | 000,000,007 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008-12-28 03:04:22 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O32 - AutoRun File - [2002-12-05 12:48:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004-03-09 08:30:53 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (60249255767441408)

========== Files/Folders - Created Within 90 Days ==========

[2010-05-03 17:09:27 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-05-03 14:24:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010-05-03 03:16:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010-05-03 03:11:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010-05-03 03:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010-05-03 03:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010-05-03 03:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010-05-02 22:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\gmer
[2010-05-02 22:26:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010-05-02 21:52:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-05-02 20:50:45 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2010-05-02 20:50:38 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2010-05-02 20:49:05 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2010-05-02 20:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2010-05-02 03:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2010-05-01 09:55:11 | 000,000,000 | ---D | C] -- C:\MGtools
[2010-05-01 09:43:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010-05-01 09:06:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010-05-01 08:39:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-05-01 08:39:00 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-05-01 06:53:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010-05-01 06:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-04-29 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NVIDIA Shared
[2010-04-29 20:39:13 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010-04-29 20:38:08 | 000,000,000 | ---D | C] -- C:\NV5900328.TMP
[2010-04-29 20:28:38 | 000,000,000 | ---D | C] -- C:\NV3216172.TMP
[2010-04-29 17:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010-04-29 17:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010-04-29 17:02:10 | 000,027,136 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2010-04-29 16:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2010-04-29 16:35:50 | 000,000,000 | ---D | C] -- C:\ATI
[2010-04-26 19:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010-04-22 00:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Sports Interactive
[2010-04-20 18:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010-04-20 17:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2010-04-20 17:33:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010-04-20 17:33:51 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010-04-20 17:33:50 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010-04-20 17:33:50 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010-04-20 17:33:50 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010-04-20 17:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010-04-09 09:16:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2010-04-06 23:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\KONAMI
[2010-04-02 03:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010-04-01 16:59:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
[2010-02-16 19:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PowerChallenge
[2010-02-15 17:25:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010-02-15 15:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F4
[2010-02-12 20:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010-02-06 16:51:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Video Converter for Any Flv Player
[2010-02-06 16:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Any FLV Player
[2010-02-06 16:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Video Converter for Any Flv Player
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010-05-03 17:11:51 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\LAKERS games.xls
[2010-05-03 17:09:32 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010-05-03 14:23:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-05-03 14:22:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-05-03 14:20:44 | 000,003,321 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2010-05-03 14:20:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-05-03 14:20:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-05-03 05:50:25 | 017,563,648 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010-05-03 05:50:25 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010-05-03 05:50:02 | 006,927,122 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010-05-03 03:46:55 | 000,073,728 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010-05-03 03:44:49 | 000,284,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-05-03 03:28:56 | 000,000,508 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010-05-03 03:20:41 | 000,505,586 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-05-03 03:20:41 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-05-03 03:20:41 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-05-02 22:17:30 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010-05-02 22:07:48 | 000,000,584 | ---- | M] () -- C:\WINDOWS\win.ini
[2010-05-02 21:58:54 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010-05-02 21:57:44 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010-05-02 20:07:13 | 000,392,421 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-05-02 20:04:33 | 000,290,034 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-200713.backup
[2010-05-02 18:54:20 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-05-01 09:56:51 | 000,109,768 | ---- | M] () -- C:\MGlogs.zip
[2010-05-01 09:25:02 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-05-01 09:24:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100502-200433.backup
[2010-05-01 06:53:34 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-05-01 03:22:05 | 003,924,476 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010-05-01 03:17:41 | 002,377,252 | ---- | M] () -- C:\MGtools.exe
[2010-04-30 11:47:34 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010-04-29 17:17:14 | 000,004,096 | ---- | M] () -- C:\WINDOWS\d3dx.dat
[2010-04-29 16:55:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-04-26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010-04-22 00:38:34 | 000,000,770 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2010.lnk
[2010-04-20 17:34:45 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010-04-20 04:34:25 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\NBA Playoffs 2010.xls
[2010-04-20 04:30:36 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\DINAMO utakmice.xls
[2010-04-09 09:51:15 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\cfddacb9_s.ocx
[2010-03-29 17:52:22 | 000,000,693 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to gmplayer.lnk
[2010-03-24 13:15:33 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\ZHUYA.xls
[2010-03-24 12:17:28 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\CIBONA utakmice.xls
[2010-03-18 19:53:27 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mpc-hc.lnk
[2010-03-12 04:39:33 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\PUTTY.RND
[2010-03-02 04:00:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\vpgxkmeb.sys
[2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010-02-15 17:25:17 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010-02-11 06:36:00 | 000,204,800 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010-02-11 06:35:44 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010-02-11 06:35:32 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010-02-11 06:35:24 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010-02-11 06:12:00 | 003,107,788 | ---- | M] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-02-11 06:12:00 | 000,887,724 | ---- | M] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-02-11 06:12:00 | 000,152,496 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-05-02 22:26:47 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010-05-02 22:17:29 | 000,001,503 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Browser Choice.lnk
[2010-05-02 21:58:17 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010-05-02 21:57:42 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010-05-02 20:49:07 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2010-05-01 09:55:21 | 000,109,768 | ---- | C] () -- C:\MGlogs.zip
[2010-05-01 09:06:55 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-05-01 09:06:54 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-05-01 09:06:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-05-01 09:00:22 | 003,924,476 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2010-05-01 06:53:34 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010-05-01 03:17:31 | 002,377,252 | ---- | C] () -- C:\MGtools.exe
[2010-04-29 20:38:24 | 000,004,570 | ---- | C] () -- C:\WINDOWS\System32\nvaudio.nvu
[2010-04-29 17:17:14 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010-04-29 16:55:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010-04-22 00:38:34 | 000,000,770 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Football Manager 2010.lnk
[2010-04-20 17:34:44 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010-04-19 21:57:02 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\NBA Playoffs 2010.xls
[2010-04-09 09:51:14 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\cfddacb9_s.ocx
[2010-03-29 17:52:25 | 000,000,693 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to gmplayer.lnk
[2010-03-18 19:53:30 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to mpc-hc.lnk
[2010-03-02 04:00:09 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\vpgxkmeb.sys
[2010-02-11 06:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010-02-11 06:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010-02-11 06:12:00 | 000,152,496 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009-11-11 01:58:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\RUNAWAY.INI
[2009-08-01 22:50:08 | 000,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009-04-07 16:46:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2009-01-30 15:39:54 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2009-01-30 15:39:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2009-01-30 15:39:54 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2009-01-30 15:39:54 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2008-12-29 22:20:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\CIS_Setup_3.5.57173.439_XP_Vista_x32.INI
[2008-12-27 02:22:51 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008-12-27 02:22:51 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008-12-04 13:24:10 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008-11-01 02:51:28 | 000,003,321 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2008-11-01 02:51:27 | 000,048,640 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2008-04-03 16:21:07 | 000,000,144 | ---- | C] () -- C:\WINDOWS\wt.ini
[2007-11-30 00:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-11-28 23:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007-10-05 22:54:31 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CIV.INI
[2007-10-05 17:48:10 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007-08-27 06:39:05 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007-06-28 00:08:16 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9AA88A5B99.dll
[2007-06-18 13:37:09 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004-10-05 18:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\nvappfilter.dll
[2004-04-20 05:00:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004-03-09 08:43:15 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004-03-09 08:43:12 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004-03-09 08:07:04 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2004-03-09 07:41:33 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2004-03-09 07:41:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ContextMenuExt.dll
[2003-01-07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000-10-10 23:34:28 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\sccres100.dll
[2000-10-10 23:34:26 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\sccomp100.dll
[2000-10-10 23:34:08 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\Scint100.dll
[1999-06-11 14:18:36 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\qd3d.dll
[1999-06-11 14:18:36 | 000,553,984 | ---- | C] () -- C:\WINDOWS\System32\rave.dll
[1998-03-17 19:15:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\smp32.dll
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009-01-24 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canneverbe_Limited
[2010-05-02 03:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2009-01-26 12:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
[2009-01-26 12:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009-01-26 12:36:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2008-05-01 04:46:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2008-12-23 20:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008-05-23 11:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GlarySoft
[2008-06-25 01:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2008-05-23 11:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2008-12-27 22:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2008-11-05 19:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2007-06-21 19:28:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MSNInstaller
[2010-03-30 20:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Games
[2009-12-31 00:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2009-04-14 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PACE Anti-Piracy
[2010-02-16 19:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PowerChallenge
[2009-01-26 12:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProtectDisc
[2010-04-22 00:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sports Interactive
[2008-12-23 20:09:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SuperNZB
[2008-12-24 00:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\s_5849_OTl8fHx8OTl8fHwxMjQyNjc1OTI4fA_
[2009-03-07 13:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\temp
[2008-04-04 02:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010-05-02 07:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010-02-26 00:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Video Converter for Any Flv Player
[2008-05-22 13:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Live Writer
[2010-05-02 20:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2010-01-17 22:28:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009-02-02 20:55:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009-02-02 22:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010-02-15 15:59:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F4
[2009-11-11 06:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\KONAMI
[2008-12-25 02:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\logs
[2009-04-14 23:29:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010-04-26 19:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010-02-12 20:17:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2008-12-26 22:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010-04-22 00:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010-04-24 00:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008-10-24 16:59:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009-05-25 11:12:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F481FC18-57D5-4479-B2FB-083BFF223F8F}
[2008-04-04 02:31:08 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job
[2010-05-03 14:23:43 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010-02-15 17:25:17 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009-02-02 22:15:01 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2008-05-16 08:05:11 | 000,000,007 | -HS- | M] () -- C:\AUTOEXEC.BAT
[2007-10-10 20:04:31 | 000,000,192 | ---- | M] () -- C:\BcBtRmv.log
[2009-02-03 21:43:45 | 000,000,311 | -HS- | M] () -- C:\boot.ini
[2007-05-31 14:32:24 | 033,040,352 | ---- | M] () -- C:\cltest.txt
[2004-03-09 07:45:09 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004-12-29 07:57:36 | 000,017,505 | R--- | M] () -- C:\DBI.EXE
[2007-09-06 19:41:10 | 000,000,245 | ---- | M] () -- C:\debugInstaller.txt
[2009-02-21 02:53:22 | 000,002,642 | ---- | M] () -- C:\INSTALL.LOG
[2004-03-09 07:45:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-30 21:32:01 | 000,002,248 | ---- | M] () -- C:\LU4.log
[2009-10-16 17:38:24 | 000,000,105 | ---- | M] () -- C:\lxak.log
[2010-05-01 09:56:51 | 000,109,768 | ---- | M] () -- C:\MGlogs.zip
[2010-05-01 03:17:41 | 002,377,252 | ---- | M] () -- C:\MGtools.exe
[2004-03-09 07:45:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004-08-03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004-08-03 21:59:34 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010-05-03 14:20:12 | 802,160,640 | -HS- | M] () -- C:\pagefile.sys
[2010-04-30 21:35:46 | 000,006,030 | ---- | M] () -- C:\pcwdbg.log
[2008-10-28 22:15:39 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2008-12-29 16:29:17 | 000,001,825 | ---- | M] () -- C:\rapport.txt
[2010-04-21 19:00:10 | 000,007,217 | ---- | M] () -- C:\resolve.log
[2009-08-29 10:40:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009-09-13 17:01:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009-09-29 18:20:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009-09-29 21:28:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009-09-30 01:10:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009-09-30 13:22:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009-09-30 14:28:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009-10-01 13:32:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009-10-01 16:23:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009-10-01 20:23:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009-10-01 22:44:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009-10-16 05:04:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009-10-16 07:36:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009-10-16 18:09:21 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009-10-17 10:40:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009-10-19 02:58:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009-10-19 10:09:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009-10-19 18:05:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009-08-14 07:30:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009-08-14 18:19:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009-08-29 10:40:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009-09-13 17:01:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009-09-29 18:20:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009-09-29 21:28:03 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009-09-30 01:10:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009-09-30 13:22:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009-09-30 14:28:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009-10-01 13:32:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009-10-01 16:23:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009-10-01 20:23:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009-10-01 22:44:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009-10-16 05:04:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009-10-16 07:36:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009-10-16 18:09:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009-10-17 10:40:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009-10-19 02:58:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009-10-19 10:09:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009-10-19 18:05:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009-08-14 07:30:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009-08-14 18:19:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004-03-09 08:33:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004-03-09 08:33:18 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004-03-09 08:33:18 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010-02-11 09:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2010-02-16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010-03-01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2010-04-29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010-04-29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010-02-24 14:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010-02-11 14:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2010-03-02 04:00:09 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\vpgxkmeb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 1400 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QM6zQSR1bZ9jXLWwrilKoISq
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B879A65B
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:436DEE1E
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05D195EC
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:466F9D5D
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B
< End of report >


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4056

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

2010-05-03 17:01:28
mbam-log-2010-05-03 (17-01-28).txt

Scan type: Quick scan
Objects scanned: 128557
Time elapsed: 17 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-02 23:31:00
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pgldqpow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xAD7D0A60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xAD7B5BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xAD7D2920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xAD7B1F60]
SSDT F8D19EDE ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xAD7C92B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xAD7C9BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xAD7B0D10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xAD7BCE40]
SSDT F8D19ED4 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xAD7D5F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xAD7BBB20]
SSDT F8D19EE3 ZwDeleteKey
SSDT F8D19EED ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xAD7C6BB0]
SSDT F8D19EF2 ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xAD7BC6B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xAD7B4C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xAD7BDFC0]
SSDT F8D19EC0 ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xAD7B1580]
SSDT F8D19EC5 ZwOpenThread
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xAD7D1DA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xAD7B68A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xAD7C0750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xAD7C0FA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xAD7CFED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xAD7C4590]
SSDT F8D19EFC ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xAD7D4A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xAD7D4D70]
SSDT F8D19EF7 ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xAD7C2C80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xAD7C34D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xAD7D3480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xAD7CF440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xAD7D6520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xAD7B7BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xAD7C61C0]
SSDT F8D19EE8 ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xAD7CE190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xAD7CEAC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xAD7D5770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xAD7CC790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xAD7CD620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xAD7C7530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xAD7D12B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [90, E1, 7C, AD, C0, EA, 7C, ...] {NOP ; LOOPZ 0x7f; LODSD ; SHR DL, 0x7c; LODSD ; JO 0x61; JGE 0xffffffffffffffb9}
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF8750A0C]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7821000, 0x1C5D38, 0xE8000020]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xAB0CB480, 0x306DD, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xAAE88300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB211F300, 0x1B7E, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\svchost.exe[200] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\Java\jre6\bin\jqs.exe[268] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[268] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[268] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[268] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[268] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? H:\Program Files\Avira\AntiVir Desktop\avshadow.exe[280] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text H:\Program Files\Avira\AntiVir Desktop\avshadow.exe[280] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avshadow.exe[280] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avshadow.exe[280] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avshadow.exe[280] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\WgaTray.exe[316] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\WgaTray.exe[316] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\WgaTray.exe[316] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\WgaTray.exe[316] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\WgaTray.exe[316] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? H:\Program Files\Avira\AntiVir Desktop\sched.exe[324] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text H:\Program Files\Avira\AntiVir Desktop\sched.exe[324] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\sched.exe[324] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\sched.exe[324] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\sched.exe[324] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\Explorer.EXE[344] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\Explorer.EXE[344] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[344] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[344] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[344] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\svchost.exe[420] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\runservice.exe[452] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\runservice.exe[452] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\runservice.exe[452] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\runservice.exe[452] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\runservice.exe[452] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? E:\CDBurnerXP\NMSAccessU.exe[600] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text E:\CDBurnerXP\NMSAccessU.exe[600] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text E:\CDBurnerXP\NMSAccessU.exe[600] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text E:\CDBurnerXP\NMSAccessU.exe[600] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text E:\CDBurnerXP\NMSAccessU.exe[600] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe[612] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe[612] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 006AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe[612] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 006AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe[612] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 006AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe[612] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 006AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe[644] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe[644] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 00A2A1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe[644] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 00A2A174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe[644] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 00A2A1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe[644] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 00A2A224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? H:\SECURITY\Agnitum\OUTPOS~1\acs.exe[792] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\rundll32.exe[832] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\rundll32.exe[832] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[832] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[832] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\rundll32.exe[832] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? H:\Program Files\Avira\AntiVir Desktop\avgnt.exe[840] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text H:\Program Files\Avira\AntiVir Desktop\avgnt.exe[840] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avgnt.exe[840] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avgnt.exe[840] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avgnt.exe[840] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[852] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[852] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[852] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[852] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[852] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe[864] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0059EB4C H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
? H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe[864] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe[864] USER32.dll!EnableWindow 7E41BE71 5 Bytes JMP 011C944C H:\SECURITY\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe[864] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 0059EB20 H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe[864] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 0059EAF4 H:\SECURITY\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
? C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] C:\WINDOWS\system32\KERNEL32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[868] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\ctfmon.exe[944] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\ctfmon.exe[944] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[944] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[944] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[944] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? H:\Program Files\Avira\AntiVir Desktop\avguard.exe[1124] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text H:\Program Files\Avira\AntiVir Desktop\avguard.exe[1124] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avguard.exe[1124] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avguard.exe[1124] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text H:\Program Files\Avira\AntiVir Desktop\avguard.exe[1124] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\wuauclt.exe[1176] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1176] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[1176] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[1176] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wuauclt.exe[1176] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\csrss.exe[1188] C:\WINDOWS\system32\KERNEL32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\winlogon.exe[1220] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\winlogon.exe[1220] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1220] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1220] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1220] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\services.exe[1264] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\services.exe[1264] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1264] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1264] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1264] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\lsass.exe[1276] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\Ati2evxx.exe[1444] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1444] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1444] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1444] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1444] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\svchost.exe[1464] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1520] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\System32\svchost.exe[1568] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1600] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1600] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1600] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1600] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1600] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\svchost.exe[1628] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] C:\WINDOWS\system32\KERNEL32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1636] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\wdfmgr.exe[1744] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\WINDOWS\system32\svchost.exe[1768] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1848] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1848] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1848] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1848] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe[1848] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\Ati2evxx.exe[1888] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1888] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1888] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1888] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1888] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\spoolsv.exe[2028] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe[2128] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe[2128] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 009BA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe[2128] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 009BA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe[2128] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 009BA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\NVIDIA\NetworkAccessManager\bin\nSvcAppFlt.exe[2128] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 009BA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3664] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
? C:\WINDOWS\System32\alg.exe[3824] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
? C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[5368] C:\WINDOWS\system32\kernel32.dll image checksum mismatch; time/date stamp mismatch; unknown module: rasapi32.dll
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[5368] USER32.dll!SetWindowPos 7E41C01B 5 Bytes JMP 100AA1A0 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[5368] USER32.dll!SetForegroundWindow 7E423D4D 5 Bytes JMP 100AA174 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[5368] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 5 Bytes JMP 100AA1F8 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\Administrator\Desktop\gmer\gmer.exe[5368] USER32.dll!ChangeDisplaySettingsExW 7E45938D 5 Bytes JMP 100AA224 h:\security\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0[email protected] 0x71 0x88 0x8E 0xAA ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0x2A 0xF7 0x1C 0x35 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x4C 0xF8 0x9F 0x4C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0[email protected] 0x71 0x88 0x8E 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 0x2A 0xF7 0x1C 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\0[email protected] 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\[email protected] 0x4C 0xF8 0x9F 0x4C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd101185 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0[email protected] 0xEC 0x7D 0x9C 0x2D ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0[email protected] 0x0C 0x58 0x37 0x6B ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0[email protected] 0xFB 0x6C 0x3B 0x5E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0[email protected] 0x71 0x88 0x8E 0xAA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] 0x0A 0x0F 0x92 0x32 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\[email protected] H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xCA 0x74 0x49 0xE8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x42 0x19 0x86 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x73 0x02 0x25 0xE5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd101185
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0xEC 0x7D 0x9C 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0x0C 0x58 0x37 0x6B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0[email protected] 0xFB 0x6C 0x3B 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0[email protected] 0x71 0x88 0x8E 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x0A 0x0F 0x92 0x32 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xCA 0x74 0x49 0xE8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x42 0x19 0x86 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x73 0x02 0x25 0xE5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0009dd101185 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0[email protected] 0xEC 0x7D 0x9C 0x2D ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0[email protected] 0x0C 0x58 0x37 0x6B ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\0[email protected] 0xFB 0x6C 0x3B 0x5E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0[email protected] 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0[email protected] 0x71 0x88 0x8E 0xAA ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] 0x0A 0x0F 0x92 0x32 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\[email protected] H:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\0[email protected] 0xCA 0x74 0x49 0xE8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x42 0x19 0x86 0x8F ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0[email protected] 0x73 0x02 0x25 0xE5 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0C05A481-4DF3-5469-5A02-D6A10717C400}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E7D3DBD-2361-D173-0D5A-B1E2DC118658}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E7D3DBD-2361-D173-0D5A-B1E2DC118658}@halnanpjpkmimbcm 0x67 0x64 0x65 0x6D ...

---- EOF - GMER 1.0.15 ----
  • 0

#5
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,050 posts
Hello zhuya,

My apologies for not getting back to you on this.

Somehow missed it.

However, I see you are getting help elsewhere as well. It is dangerous to get advice from two different helpers at the same time. You need to choose one to stay with.

As you have progressed further with the other site, I take it that you no longer wish to continue here?
  • 0





