Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Email Virus

Started by mooshell9174 , Jun 22 2010 05:03 PM

  • This topic is locked This topic is locked

#1
mooshell9174
Posted 22 June 2010 - 05:03 PM

mooshell9174

    Member

  • Member
  • PipPip
  • 26 posts
My boss asked me today if I had sent him an email with a link in it at 1 am this morning. I had not. Then when I checked my email I had replies from some of my contacts telling me the same thing. Also for the past few days my computer has taken several minutes to boot up. I have yahoo email and have now changed my password. I have ran the programs recommended and posted the logs below. Thanks for you help.

Michele

--------------------------
OTL logfile created on: 6/22/2010 6:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.51 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Processes (SafeList) ==========<!--colorc--></span><!--/colorc-->

PRC - [2010/06/22 18:02:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 09:17:37 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:17:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:17:34 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:16:55 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:16:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/05 08:54:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/12 18:13:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxserv.exe
PRC - [2007/08/31 14:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Modules (SafeList) ==========<!--colorc--></span><!--/colorc-->

MOD - [2010/06/22 18:02:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe
MOD - [2009/04/28 11:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Win32 Services (SafeList) ==========<!--colorc--></span><!--/colorc-->

SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService)
SRV - [2010/03/12 18:13:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Driver Services (SafeList) ==========<!--colorc--></span><!--/colorc-->

DRV - [2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:12:24 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/19 21:43:45 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 21:43:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 21:43:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/07 23:56:49 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2010/01/24 20:54:46 | 000,000,000 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys [WARNING: C:\WINDOWS\system32\drivers\??????????.sys] -- (浍湉ࢰ蘽륀聕뀈蘿蘼)
DRV - [2009/04/06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 18:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 17:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/28 19:09:00 | 003,506,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/01 18:07:54 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/08/01 18:07:52 | 000,035,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 17:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 15:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001/08/17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Standard Registry (SafeList) ==========<!--colorc--></span><!--/colorc-->


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Internet Explorer ==========<!--colorc--></span><!--/colorc-->

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <a href="http://www.msn.com" target="_blank">http://www.msn.com</a>

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = <a href="http://search.bearshare.com/" target="_blank">http://search.bearshare.com/</a>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = <a href="http://www.msn.com/" target="_blank">http://www.msn.com/</a>
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== FireFox ==========<!--colorc--></span><!--/colorc-->

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 11:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 11:24:14 | 000,000,000 | ---D | M]

[2010/01/24 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Extensions
[2010/01/21 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions
[2010/01/24 11:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 14:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions
[2010/04/27 16:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 13:11:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/04 14:24:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 18:28:58 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\searchplugins\BearShareWebSearch.xml
[2010/06/22 14:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/01/29 18:36:43 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <a href="http://appldnld.appl...x/qtplugin.cab" target="_blank">http://appldnld.appl...tplugin.cab</a> (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} <a href="http://download.macr...irector/sw.cab" target="_blank">http://download.macr...ctor/sw.cab</a> (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} <a href="http://www.update.mi...?1194199305268" target="_blank">http://www.update.mi...94199305268</a> (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <a href="http://www.update.mi...?1202609130078" target="_blank">http://www.update.mi...02609130078</a> (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} <a href="http://java.sun.com/...ndows-i586.cab" target="_blank">http://java.sun.com/...ws-i586.cab</a> (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <a href="http://fpdownload.ma.../ultrashim.cab" target="_blank">http://fpdownload.ma...trashim.cab</a> (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} <a href="http://java.sun.com/...ndows-i586.cab" target="_blank">http://java.sun.com/...ws-i586.cab</a> (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <a href="http://java.sun.com/...ndows-i586.cab" target="_blank">http://java.sun.com/...ws-i586.cab</a> (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} <a href="http://platformdl.ad...lus/1.6/gp.cab" target="_blank">http://platformdl.ad.../1.6/gp.cab</a> (Reg Error: Key error.)
O16 - DPF: {FBEBF3DD-EF0E-44D3-9194-E8B3FDA9EBF8} <a href="http://67.221.122.13...33/WebCamX.cab" target="_blank">http://67.221.122.13...WebCamX.cab</a> (WebCamX Control)
O16 - DPF: vzTCPConfig <a href="http://www2.verizon....zTCPConfig.CAB" target="_blank">http://www2.verizon....PConfig.CAB</a> (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 22:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/03 22:45:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Files/Folders - Created Within 90 Days ==========<!--colorc--></span><!--/colorc-->

[2010/06/07 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/05/18 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/18 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 19:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/04/24 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/04/24 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/04/24 19:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/22 18:52:02 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/01/22 18:52:01 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/01/22 18:52:01 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/01/22 18:52:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/01/22 18:52:01 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/01/22 18:52:00 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/01/22 18:52:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/01/22 18:51:59 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/01/22 18:51:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/01/22 18:51:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/01/22 18:51:56 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Files - Modified Within 90 Days ==========<!--colorc--></span><!--/colorc-->

[2010/06/22 18:06:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
[2010/06/22 17:54:33 | 061,327,002 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/22 16:52:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\prvlcl.dat
[2010/06/22 16:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/22 16:47:53 | 000,034,972 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/22 16:47:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 16:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/22 16:38:26 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT
[2010/06/22 16:38:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\End User\ntuser.ini
[2010/06/22 16:34:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\NTREGOPT.lnk
[2010/06/22 16:34:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\ERUNT.lnk
[2010/06/22 16:21:03 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:21:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:21:03 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 14:13:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/06/21 20:33:21 | 005,370,276 | -H-- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\IconCache.db
[2010/06/14 20:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/09 17:40:07 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:14:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:46:15 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:37:50 | 000,026,064 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 22:24:51 | 000,032,686 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/31 22:12:42 | 000,149,152 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/27 15:52:18 | 000,045,042 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:28:29 | 000,034,558 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:19:49 | 001,084,484 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:12 | 000,029,723 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/12 21:20:09 | 000,028,079 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:23 | 000,021,568 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/07 18:22:24 | 002,362,112 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:26:45 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_old
[2010/04/19 22:19:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 20:34:18 | 000,018,141 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:04:43 | 000,017,448 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Files Created - No Company Name ==========<!--colorc--></span><!--/colorc-->

[2010/06/02 18:37:49 | 000,026,064 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/05/31 22:24:50 | 000,032,686 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/27 15:52:16 | 000,045,042 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:14:04 | 000,034,558 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:16:19 | 001,084,484 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:11 | 000,029,723 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/13 15:44:39 | 000,149,152 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/12 21:20:08 | 000,028,079 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:22 | 000,021,568 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/12 17:01:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 18:22:24 | 002,362,112 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:29:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_new.LOG
[2010/04/08 20:34:17 | 000,018,141 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:00:23 | 000,017,448 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[2010/01/22 18:54:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/01/22 18:54:44 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/01/22 18:53:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/01/22 18:53:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/01/22 18:53:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/01/22 18:52:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/01/22 18:52:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/01/22 18:51:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 18:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/09 14:35:38 | 000,801,792 | ---- | C] () -- C:\WINDOWS\System32\NVD110.dll
[2008/10/09 14:35:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\NVD410.dll
[2008/10/09 14:35:38 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\NVD210.dll
[2008/10/09 14:35:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NVD510.dll
[2008/09/09 13:20:38 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK71.dll
[2008/09/09 13:20:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2008/09/09 13:20:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\NetworkAPI.dll
[2008/09/09 13:20:38 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
[2008/02/09 02:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/09 02:02:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/09 02:02:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/24 16:48:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/10 11:28:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/11/10 11:28:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/17 02:07:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 02:07:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 02:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 02:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 02:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/17 02:07:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/28 19:09:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== LOP Check ==========<!--colorc--></span><!--/colorc-->

[2010/02/08 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/01/29 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/03 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/29 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/07 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/01/11 20:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/07 09:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/15 07:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/06 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/04/24 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/02/08 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/24 19:04:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/02 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\BearShare
[2010/06/02 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\bearsharemediabartb
[2008/02/15 11:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\FrostWire
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Infineon
[2009/12/16 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\IObit
[2010/01/22 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Lexmark Productivity Studio
[2009/12/12 07:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\LimeWire
[2008/05/07 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParentalControl
[2009/12/07 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParetoLogic
[2009/12/31 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Simply Super Software
[2008/06/03 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Snapfish
[2010/04/24 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/02/08 00:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Vso
[2010/06/22 14:13:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/06/22 18:06:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Purity Check ==========<!--colorc--></span><!--/colorc-->



<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Custom Scans ==========<!--colorc--></span><!--/colorc-->


<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %SYSTEMDRIVE%\*.* ><!--colorc--></span><!--/colorc-->
[2010/01/09 03:11:20 | 000,011,238 | ---- | M] () -- C:\aaw7boot.log
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/03 22:41:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/26 17:55:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/22 19:17:44 | 000,001,630 | ---- | M] () -- C:\lxcy.log
[2010/01/22 19:17:42 | 000,000,505 | ---- | M] () -- C:\lxcyscan.log
[2008/03/20 19:48:55 | 000,012,063 | ---- | M] () -- C:\Mike work chart.odt
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/16 09:11:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/22 16:46:44 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2007/11/13 09:07:33 | 000,000,146 | ---- | M] () -- C:\YServer.txt

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll ><!--colorc--></span><!--/colorc-->
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/02/27 20:15:28 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdxdrpp.dll

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\*. /mp /s ><!--colorc--></span><!--/colorc-->

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\system32\*.dll /lockedfiles ><!--colorc--></span><!--/colorc-->

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\Tasks\*.job /lockedfiles ><!--colorc--></span><!--/colorc-->

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\System32\config\*.sav ><!--colorc--></span><!--/colorc-->
[2007/11/03 17:35:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/11/03 17:35:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/11/03 17:35:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\system32\user32.dll /md5 ><!--colorc--></span><!--/colorc-->
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< %systemroot%\system32\ws2_32.dll /md5 ><!--colorc--></span><!--/colorc-->
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

<!--coloro:#A23BEC--><span style="color:#A23BEC"><!--/coloro-->< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU ><!--colorc--></span><!--/colorc-->

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Files - Unicode (All) ==========<!--colorc--></span><!--/colorc-->
[2010/01/24 20:54:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys
[2010/01/24 20:54:46 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Alternate Data Streams ==========<!--colorc--></span><!--/colorc-->

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

-----------------------------------------

OTL Extras logfile created on: 6/22/2010 6:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.51 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Extra Registry (SafeList) ==========<!--colorc--></span><!--/colorc-->


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== File Associations ==========<!--colorc--></span><!--/colorc-->

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Shell Spawning ==========<!--colorc--></span><!--/colorc-->

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Security Center Settings ==========<!--colorc--></span><!--/colorc-->

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Authorized Applications List ==========<!--colorc--></span><!--/colorc-->

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Documents and Settings\End User\My Documents\Mike's MP3's\LimeWire\LimeWire.exe" = C:\Documents and Settings\End User\My Documents\Mike's MP3's\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\remoteAP\phone.exe" = C:\Program Files\remoteAP\phone.exe:*:Enabled:phone -- ()
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()


<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== HKEY_LOCAL_MACHINE Uninstall List ==========<!--colorc--></span><!--/colorc-->

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB360AE2-CF24-420B-8E31-7597E9499DD2}" = Zoom Cable Modem
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.8.5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"AVG9Uninstall" = AVG Free 9.0
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"DVD43_is1" = DVD43 v4.6.0
"ERUNT_is1" = ERUNT 1.1j
"evfpzvmakmzlg" = RON Tool Netupbanner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"parentalcontrol" = Parental Control Toolbar
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Verizon Online DSL_is1" = Verizon Online DSL
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar

<!--coloro:#E56717--><span style="color:#E56717"><!--/coloro-->========== Last 10 Event Log Errors ==========<!--colorc--></span><!--/colorc-->

[ Application Events ]
Error - 12/21/2009 1:05:02 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3622, faulting module
unknown, version 0.0.0.0, fault address 0x76f2345a.

Error - 12/21/2009 1:19:14 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x71ab2a6f.

Error - 12/21/2009 1:20:52 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x76f2345a.

Error - 12/21/2009 1:21:11 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x3d943480.

Error - 12/29/2009 8:39:21 PM | Computer Name = END-5EB8223EDBA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 12/30/2009 10:04:42 PM | Computer Name = END-5EB8223EDBA | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/30/2009 10:04:42 PM | Computer Name = END-5EB8223EDBA | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/30/2009 11:22:12 PM | Computer Name = END-5EB8223EDBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/19/2010 3:35:06 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01b6c11c.

Error - 1/20/2010 7:10:54 AM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0011977c.

[ System Events ]
Error - 6/21/2010 5:25:50 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 6/21/2010 5:25:53 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdx_device service terminated unexpectedly. It has done this
1 time(s).

Error - 6/21/2010 5:25:53 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/22/2010 1:52:41 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3

Error - 6/22/2010 4:37:39 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 6/22/2010 4:37:39 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdxCATSCustConnectService service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdx_device service terminated unexpectedly. It has done this
1 time(s).

Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/22/2010 4:48:04 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3


< End of report >

--------------------------------------

Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/22/2010 4:16:55 PM
mbam-log-2010-06-22 (16-16-55).txt

Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 180494
Time elapsed: 33 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-----------------------------------------------

GMER 1.0.15.15281 - <a href="http://www.gmer.net" target="_blank">http://www.gmer.net</a>
Rootkit scan 2010-06-22 18:02:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\kfadiaow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xF33CCA60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xF33B1BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xF33CE920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xF33ADF60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xF33B9090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xF33C52B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xF33C5BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xF33ACD10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xF33B8E40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xF33C3D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xF33D1F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xF33B7B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xF33BA900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xF33C13A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xF33C2BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xF33B86B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xF33B0C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xF33B9FC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xF33C7CA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xF33AD580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xF33C7060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xF33CDDA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xF33B28A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xF33BC750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xF33BCFA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xF33CBED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xF33C0590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xF33BE500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xF33D0A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xF33D0D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xF33BFD20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xF33BEC80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xF33BF4D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xF33CF480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xF33CB440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xF33D2520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xF33B3BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xF33C21C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xF33BD820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xF33CA190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xF33CAAC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xF33D1770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xF33C8790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xF33C9620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xF33C3530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xF33CD2B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 80501C20 4 Bytes JMP 8E890F61
.text ntkrnlpa.exe!ZwCallbackReturn + 2760 80501F98 12 Bytes [90, A1, 3C, F3, C0, AA, 3C, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E72360, 0x200B6D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00C8A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00C8A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00C8A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00C8A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 0059E828 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0059EA88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0059EB20 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!EnableWindow 7E429849 5 Bytes JMP 011A944C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 0059EAF4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B6A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B6A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B6A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B6A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00AEA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00AEA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00AEA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00AEA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0091A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0091A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0091A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0091A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B4A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B4A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B4A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B4A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1348] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007BA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007BA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007BA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007BA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0080A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0080A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0080A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0080A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0087A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0087A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0087A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0087A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0058A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0058A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0058A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0058A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0069A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0069A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0069A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0069A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00DAA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00DAA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00DAA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00DAA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-16 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort5 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Edited by admin, 08 August 2010 - 06:20 PM.

  • 0

Advertisements

#2
mpascal
Posted 02 July 2010 - 12:08 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi mooshell9174,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
Sorry for the delay. The forums here get very busy and sometimes topics get overlooked.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open a notepad window. OTL.Txt.This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log

  • 0

#3
mooshell9174
Posted 02 July 2010 - 07:12 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4268

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/2/2010 3:16:30 PM
mbam-log-2010-07-02 (15-16-30).txt

Scan type: Quick scan
Objects scanned: 118402
Time elapsed: 5 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

-------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-02 20:30:02
Windows 5.1.2600 Service Pack 3
Running: qpikdcjd.exe; Driver: C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\kfadiaod.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xF1E7DA60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xF1E62BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xF1E7F920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xF1E5EF60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xF1E6A090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xF1E762B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xF1E76BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xF1E5DD10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xF1E69E40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xF1E74D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xF1E82F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xF1E68B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xF1E6B900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xF1E723A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xF1E73BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xF1E696B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xF1E61C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xF1E6AFC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xF1E78CA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xF1E5E580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xF1E78060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xF1E7EDA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xF1E638A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xF1E6D750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xF1E6DFA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xF1E7CED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xF1E71590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xF1E6F500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xF1E81A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xF1E81D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xF1E70D20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xF1E6FC80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xF1E704D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xF1E80480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xF1E7C440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xF1E83520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xF1E64BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xF1E731C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xF1E6E820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xF1E7B190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xF1E7BAC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xF1E82770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xF1E79790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xF1E7A620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xF1E74530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xF1E7E2B0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2688 80501EC0 8 Bytes CALL 686D8FB6
.text ntkrnlpa.exe!ZwCallbackReturn + 26E8 80501F20 8 Bytes CALL 669C1016
.text ntkrnlpa.exe!ZwCallbackReturn + 2748 80501F80 4 Bytes CALL 94C9116B
.text ntkrnlpa.exe!ZwCallbackReturn + 2760 80501F98 12 Bytes [90, B1, E7, F1, C0, BA, E7, ...] {NOP ; MOV CL, 0xe7; INT1 ; SAR BYTE [EDX+0x2770f1e7], 0xe8; INT1 }
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6024360, 0x200B6D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[460] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[460] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[460] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[460] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[460] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007BA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007BA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007BA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[492] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007BA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[500] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[500] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[500] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[500] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0091A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0091A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0091A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1168] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0091A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1428] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00DAA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1428] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00DAA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1428] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00DAA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[1428] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00DAA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1452] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0080A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1452] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0080A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1452] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0080A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1452] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0080A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1556] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1556] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1556] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1556] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1652] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1652] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1652] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[1652] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0058A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0058A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0058A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1672] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0058A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1732] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0069A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1732] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0069A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1732] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0069A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1732] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0069A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[1816] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[1816] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[1816] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[1816] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wscntfy.exe[2092] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 008AA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wscntfy.exe[2092] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 008AA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wscntfy.exe[2092] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 008AA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wscntfy.exe[2092] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 008AA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\qpikdcjd.exe[2180] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B4A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\qpikdcjd.exe[2180] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B4A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\qpikdcjd.exe[2180] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B4A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\qpikdcjd.exe[2180] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B4A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[2336] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[2336] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[2336] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[2336] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2800] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2800] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2800] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2800] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[2860] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B6A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[2860] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B6A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[2860] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B6A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[2860] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B6A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[3008] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3072] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00AEA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3072] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00AEA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3072] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00AEA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[3072] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00AEA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F5ED4906] \SystemRoot\system32\drivers\afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-16 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort5 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


--------------------------------------------------------------------------------

OTL logfile created on: 7/2/2010 8:40:11 PM - Run 2
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 474.00 Mb Available Physical Memory | 48.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.20 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdxcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirUpgradeService) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (lxdx_device) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (浍湉ࢰ蘽륀聕뀈蘿蘼) -- C:\WINDOWS\system32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys [WARNING: C:\WINDOWS\system32\drivers\??????????.sys] ()
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 08:19:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 08:19:12 | 000,000,000 | ---D | M]

[2010/01/24 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Extensions
[2010/01/21 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions
[2010/01/24 11:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/02 19:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions
[2010/04/27 16:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 16:45:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/04 14:24:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 18:28:58 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\searchplugins\BearShareWebSearch.xml
[2010/07/02 19:51:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/01/29 18:36:43 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194199305268 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1202609130078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FBEBF3DD-EF0E-44D3-9194-E8B3FDA9EBF8} http://67.221.122.133/WebCamX.cab (WebCamX Control)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 22:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/03 22:45:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/02 20:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\AVG8
[2010/06/09 15:06:36 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/07 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/01/22 18:52:02 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/01/22 18:52:01 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/01/22 18:52:01 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/01/22 18:52:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/01/22 18:52:01 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/01/22 18:52:00 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/01/22 18:52:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/01/22 18:51:59 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/01/22 18:51:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/01/22 18:51:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/01/22 18:51:56 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/02 20:41:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
[2010/07/02 20:37:09 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT
[2010/07/02 15:04:44 | 000,034,972 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/02 15:04:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/02 14:59:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 14:59:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 14:50:21 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\End User\ntuser.ini
[2010/07/02 14:50:16 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\IconCache.db
[2010/07/02 14:50:06 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/02 14:21:31 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/02 13:51:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\prvlcl.dat
[2010/07/02 09:57:03 | 061,580,418 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/01 17:46:35 | 000,027,054 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/07/01 17:38:40 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 17:38:40 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 17:37:04 | 000,047,040 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 17:37:04 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 17:37:04 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/06/28 20:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 21:13:14 | 000,010,446 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/06/22 16:34:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\NTREGOPT.lnk
[2010/06/22 16:34:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\ERUNT.lnk
[2010/06/22 16:21:03 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:21:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:21:03 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 17:40:07 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:14:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:46:15 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 14:36:20 | 000,047,040 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 14:36:20 | 000,027,054 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/06/23 21:13:13 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/01/22 18:54:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/01/22 18:54:44 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/01/22 18:53:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/01/22 18:53:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/01/22 18:53:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/01/22 18:52:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/01/22 18:52:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/01/22 18:51:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 18:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/09 14:35:38 | 000,801,792 | ---- | C] () -- C:\WINDOWS\System32\NVD110.dll
[2008/10/09 14:35:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\NVD410.dll
[2008/10/09 14:35:38 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\NVD210.dll
[2008/10/09 14:35:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NVD510.dll
[2008/09/09 13:20:38 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK71.dll
[2008/09/09 13:20:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2008/09/09 13:20:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\NetworkAPI.dll
[2008/09/09 13:20:38 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
[2008/02/09 02:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/09 02:02:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/09 02:02:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/24 16:48:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/10 11:28:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/11/10 11:28:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/17 02:07:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 02:07:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 02:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 02:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 02:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/17 02:07:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/28 19:09:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

========== LOP Check ==========

[2010/02/08 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/01/29 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/03 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/29 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/07 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/01/11 20:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/07 09:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/15 07:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/06 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/04/24 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/02/08 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/24 19:04:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/02 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\BearShare
[2010/06/02 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\bearsharemediabartb
[2008/02/15 11:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\FrostWire
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Infineon
[2009/12/16 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\IObit
[2010/01/22 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Lexmark Productivity Studio
[2009/12/12 07:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\LimeWire
[2008/05/07 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParentalControl
[2009/12/07 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParetoLogic
[2009/12/31 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Simply Super Software
[2008/06/03 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Snapfish
[2010/04/24 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/02/08 00:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Vso
[2010/07/02 14:21:31 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/02 20:41:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/01/09 03:11:20 | 000,011,238 | ---- | M] () -- C:\aaw7boot.log
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/03 22:41:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/26 17:55:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/22 19:17:44 | 000,001,630 | ---- | M] () -- C:\lxcy.log
[2010/01/22 19:17:42 | 000,000,505 | ---- | M] () -- C:\lxcyscan.log
[2008/03/20 19:48:55 | 000,012,063 | ---- | M] () -- C:\Mike work chart.odt
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/16 09:11:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/02 14:58:13 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2007/11/13 09:07:33 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/02/27 20:15:28 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdxdrpp.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/11/03 17:35:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/11/03 17:35:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/11/03 17:35:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-09 21:15:07

========== Files - Unicode (All) ==========
[2010/01/24 20:54:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys
[2010/01/24 20:54:46 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
  • 0

#4
mpascal
Posted 02 July 2010 - 09:56 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
DRV - (浍湉ࢰ蘽륀聕뀈蘿蘼) -- C:\WINDOWS\system32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys [WARNING: C:\WINDOWS\system32\drivers\??????????.sys] ()
[2010/07/02 13:51:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\prvlcl.dat

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Open up OTL and push the Quickscan button. Post the resulting log here.

  • 0

#5
mooshell9174
Posted 04 July 2010 - 04:48 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OTL logfile created on: 7/4/2010 6:42:59 PM - Run 3
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 43.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.21 Gb Free Space | 61.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgupd.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdxcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirUpgradeService) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (lxdx_device) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.97
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 08:19:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 08:19:12 | 000,000,000 | ---D | M]

[2010/01/24 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Extensions
[2010/01/21 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions
[2010/01/24 11:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/03 20:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions
[2010/04/27 16:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/25 16:45:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/04 14:24:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 18:28:58 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\searchplugins\BearShareWebSearch.xml
[2010/07/03 20:39:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/01/29 18:36:43 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194199305268 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1202609130078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FBEBF3DD-EF0E-44D3-9194-E8B3FDA9EBF8} http://67.221.122.133/WebCamX.cab (WebCamX Control)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 22:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/04 18:29:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/02 20:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\AVG8
[2010/06/07 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/05/18 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/18 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 19:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/04/24 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/04/24 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/04/24 19:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/22 18:52:02 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/01/22 18:52:01 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/01/22 18:52:01 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/01/22 18:52:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/01/22 18:52:01 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/01/22 18:52:00 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/01/22 18:52:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/01/22 18:51:59 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/01/22 18:51:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/01/22 18:51:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/01/22 18:51:56 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/04 18:46:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
[2010/07/04 18:44:14 | 061,649,149 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/04 18:40:22 | 000,034,972 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/04 18:39:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/04 18:39:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/04 18:39:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/04 18:30:01 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT
[2010/07/04 18:30:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\End User\ntuser.ini
[2010/07/04 15:23:45 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/02 21:15:09 | 005,361,130 | -H-- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\IconCache.db
[2010/07/02 14:50:06 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/01 17:46:35 | 000,027,054 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/07/01 17:38:40 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 17:38:40 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 17:37:04 | 000,047,040 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 17:37:04 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 17:37:04 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/06/28 20:36:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/23 21:13:14 | 000,010,446 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/06/22 16:34:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\NTREGOPT.lnk
[2010/06/22 16:34:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\ERUNT.lnk
[2010/06/22 16:21:03 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:21:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:21:03 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 17:40:07 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:14:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:46:15 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:37:50 | 000,026,064 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 22:24:51 | 000,032,686 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/31 22:12:42 | 000,149,152 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/27 15:52:18 | 000,045,042 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:28:29 | 000,034,558 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:19:49 | 001,084,484 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:12 | 000,029,723 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/12 21:20:09 | 000,028,079 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:23 | 000,021,568 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/07 18:22:24 | 002,362,112 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 19:26:45 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_old
[2010/04/19 22:19:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 20:34:18 | 000,018,141 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:04:43 | 000,017,448 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 14:36:20 | 000,047,040 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 14:36:20 | 000,027,054 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/06/23 21:13:13 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/06/02 18:37:49 | 000,026,064 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/05/31 22:24:50 | 000,032,686 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/27 15:52:16 | 000,045,042 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:14:04 | 000,034,558 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:16:19 | 001,084,484 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:11 | 000,029,723 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/13 15:44:39 | 000,149,152 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/12 21:20:08 | 000,028,079 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:22 | 000,021,568 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/12 17:01:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 18:22:24 | 002,362,112 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:29:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_new.LOG
[2010/04/08 20:34:17 | 000,018,141 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:00:23 | 000,017,448 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[2010/01/22 18:54:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/01/22 18:54:44 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/01/22 18:53:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/01/22 18:53:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/01/22 18:53:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/01/22 18:52:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/01/22 18:52:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/01/22 18:51:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 18:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/09 14:35:38 | 000,801,792 | ---- | C] () -- C:\WINDOWS\System32\NVD110.dll
[2008/10/09 14:35:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\NVD410.dll
[2008/10/09 14:35:38 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\NVD210.dll
[2008/10/09 14:35:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NVD510.dll
[2008/09/09 13:20:38 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK71.dll
[2008/09/09 13:20:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2008/09/09 13:20:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\NetworkAPI.dll
[2008/09/09 13:20:38 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
[2008/02/09 02:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/09 02:02:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/09 02:02:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/24 16:48:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/10 11:28:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/11/10 11:28:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/17 02:07:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 02:07:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 02:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 02:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 02:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/17 02:07:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/28 19:09:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

========== LOP Check ==========

[2010/07/04 14:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/01/29 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/03 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/29 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/07 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/01/11 20:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/07 09:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/15 07:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/06 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/04/24 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/02/08 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/24 19:04:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/02 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\BearShare
[2010/06/02 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\bearsharemediabartb
[2008/02/15 11:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\FrostWire
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Infineon
[2009/12/16 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\IObit
[2010/01/22 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Lexmark Productivity Studio
[2009/12/12 07:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\LimeWire
[2008/05/07 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParentalControl
[2009/12/07 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParetoLogic
[2009/12/31 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Simply Super Software
[2008/06/03 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Snapfish
[2010/04/24 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/02/08 00:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Vso
[2010/07/04 15:23:45 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/04 18:46:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
  • 0

#6
mpascal
Posted 04 July 2010 - 05:46 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

  • 0

#7
mooshell9174
Posted 05 July 2010 - 04:41 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4268

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/4/2010 9:11:40 PM
mbam-log-2010-07-04 (21-11-40).txt

Scan type: Quick scan
Objects scanned: 118417
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


------------------------------------------------------------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 5, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 13:23:12
Records in database: 4243559
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 72035
Threats found: 1
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:28:18


File name / Threat / Threats count
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\44\7278e12c-69ddcfb4 Infected: Exploit.Java.Agent.f 1
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\46\364f71ee-6c638d5d Infected: Exploit.Java.Agent.f 1

Selected area has been scanned.
  • 0

#8
mpascal
Posted 05 July 2010 - 04:48 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Follow the instructions in the link below to clear your Java cache:

http://fxtrade.oanda...ing/clear_cache

Other than that, how is your computer running now?
  • 0

#9
mooshell9174
Posted 05 July 2010 - 05:54 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Just did a restart. Still took well over 6 minutes to boot up.
  • 0

#10
mpascal
Posted 05 July 2010 - 06:13 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

See if this helps.

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • 0

Advertisements

#11
mooshell9174
Posted 06 July 2010 - 02:36 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
That didn't seem to help. Still slow.
  • 0

#12
mpascal
Posted 06 July 2010 - 05:09 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi there,

Open up OTL and push the Quickscan button. Post the resulting log here.
  • 0

#13
mooshell9174
Posted 06 July 2010 - 06:21 PM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
OTL logfile created on: 7/6/2010 8:14:48 PM - Run 4
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

990.00 Mb Total Physical Memory | 287.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.10 Gb Free Space | 60.93% Space Free | Partition Type: NTFS
Drive D: | 29.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\lxdxcoms.exe ( )
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxserv.exe (Lexmark International, Inc.)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirUpgradeService) -- File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (acssrv) -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe (Agnitum Ltd.)
SRV - (lxdx_device) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
SRV - (lxdxCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (SandBox) -- C:\WINDOWS\system32\drivers\SandBox.sys (Agnitum Ltd.)
DRV - (afw) -- C:\WINDOWS\system32\drivers\afw.sys (Agnitum Ltd.)
DRV - (afwcore) -- C:\WINDOWS\system32\drivers\afwcore.sys (Agnitum Ltd.)
DRV - (USB_RNDIS_XP) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows ® Server 2003 DDK provider)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.98
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 08:19:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 08:19:12 | 000,000,000 | ---D | M]

[2010/01/24 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Extensions
[2010/01/21 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions
[2010/01/24 11:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/06 16:33:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions
[2010/04/27 16:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/06 16:33:13 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/04 14:24:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 18:28:58 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\searchplugins\BearShareWebSearch.xml
[2010/07/06 16:33:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml

O1 HOSTS File: ([2010/01/29 18:36:43 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1194199305268 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1202609130078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FBEBF3DD-EF0E-44D3-9194-E8B3FDA9EBF8} http://67.221.122.133/WebCamX.cab (WebCamX Control)
O16 - DPF: vzTCPConfig http://www2.verizon....vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 22:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/16 17:04:48 | 000,367,328 | R--- | M] (NETGEAR Inc.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2000/05/18 03:22:36 | 000,000,045 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{891bb5b5-8917-11df-9b3c-001558369bea}\Shell\AutoRun\command - "" = E:\setupSNK.exe -- File not found
O33 - MountPoints2\{c23dfac2-8a54-11dc-940c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c23dfac2-8a54-11dc-940c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c23dfac2-8a54-11dc-940c-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2007/05/16 17:04:48 | 000,367,328 | R--- | M] (NETGEAR Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/06 17:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/07/04 18:29:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/02 20:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\AVG8
[2010/06/07 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/05/18 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/18 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 19:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/04/24 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/04/24 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/04/24 19:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/22 18:52:02 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/01/22 18:52:01 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/01/22 18:52:01 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/01/22 18:52:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/01/22 18:52:01 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/01/22 18:52:00 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/01/22 18:52:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/01/22 18:51:59 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/01/22 18:51:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/01/22 18:51:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/01/22 18:51:56 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/06 20:16:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
[2010/07/06 17:56:19 | 061,697,329 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/06 17:51:15 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/06 17:45:21 | 000,034,972 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/06 17:43:58 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT
[2010/07/06 06:13:42 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/05 20:48:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/05 20:48:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/05 20:39:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\End User\ntuser.ini
[2010/07/05 20:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/05 19:40:04 | 005,361,908 | -H-- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\IconCache.db
[2010/07/02 14:50:06 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/01 17:46:35 | 000,027,054 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/07/01 17:38:40 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 17:38:40 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 17:37:04 | 000,047,040 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 17:37:04 | 000,046,204 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 17:37:04 | 000,042,750 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/06/23 21:13:14 | 000,010,446 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/06/22 16:34:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\NTREGOPT.lnk
[2010/06/22 16:34:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\ERUNT.lnk
[2010/06/22 16:21:03 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:21:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:21:03 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 17:40:07 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:14:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:46:15 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:37:50 | 000,026,064 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 22:24:51 | 000,032,686 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/31 22:12:42 | 000,149,152 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/27 15:52:18 | 000,045,042 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:28:29 | 000,034,558 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:19:49 | 001,084,484 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:12 | 000,029,723 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/12 21:20:09 | 000,028,079 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:23 | 000,021,568 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/07 18:22:24 | 002,362,112 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/24 19:26:45 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_old
[2010/04/19 22:19:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 20:34:18 | 000,018,141 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/01 14:36:20 | 000,047,040 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image.jpg
[2010/07/01 14:36:20 | 000,046,204 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\mr image 4.jpg
[2010/07/01 14:36:20 | 000,042,750 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\mr image 4.jpg
[2010/07/01 14:36:20 | 000,027,054 | ---- | C] () -- C:\Documents and Settings\End User\Desktop\image.jpg
[2010/06/23 21:13:13 | 000,010,446 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJ quotes.odt
[2010/06/02 18:37:49 | 000,026,064 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/05/31 22:24:50 | 000,032,686 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/27 15:52:16 | 000,045,042 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:14:04 | 000,034,558 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:16:19 | 001,084,484 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:11 | 000,029,723 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/13 15:44:39 | 000,149,152 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/12 21:20:08 | 000,028,079 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:22 | 000,021,568 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/12 17:01:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 18:22:24 | 002,362,112 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:29:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_new.LOG
[2010/04/08 20:34:17 | 000,018,141 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/01/22 18:54:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/01/22 18:54:44 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/01/22 18:53:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/01/22 18:53:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/01/22 18:53:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/01/22 18:52:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/01/22 18:52:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/01/22 18:51:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 18:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/09 14:35:38 | 000,801,792 | ---- | C] () -- C:\WINDOWS\System32\NVD110.dll
[2008/10/09 14:35:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\NVD410.dll
[2008/10/09 14:35:38 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\NVD210.dll
[2008/10/09 14:35:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NVD510.dll
[2008/09/09 13:20:38 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK71.dll
[2008/09/09 13:20:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2008/09/09 13:20:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\NetworkAPI.dll
[2008/09/09 13:20:38 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
[2008/02/09 02:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/09 02:02:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/09 02:02:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/24 16:48:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/10 11:28:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/11/10 11:28:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/17 02:07:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 02:07:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 02:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 02:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 02:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/17 02:07:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/28 19:09:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

========== LOP Check ==========

[2010/07/04 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/01/29 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/03 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/29 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/07 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/01/11 20:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/07 09:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/15 07:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/06 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/04/24 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/07/04 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/24 19:04:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/02 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\BearShare
[2010/06/02 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\bearsharemediabartb
[2008/02/15 11:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\FrostWire
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Infineon
[2009/12/16 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\IObit
[2010/01/22 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Lexmark Productivity Studio
[2009/12/12 07:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\LimeWire
[2008/05/07 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParentalControl
[2009/12/07 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParetoLogic
[2009/12/31 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Simply Super Software
[2008/06/03 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Snapfish
[2010/04/24 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/02/08 00:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Vso
[2010/07/06 17:51:15 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/07/06 20:16:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Thanks!
  • 0

#14
mpascal
Posted 06 July 2010 - 08:15 PM

mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
At what point does it take a while to boot up? Before you log in? After?
  • 0

#15
mooshell9174
Posted 07 July 2010 - 07:18 AM

mooshell9174

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Before I log in. I turn on power and it goes to the black screen that has some writing(can't remember what cause I'm at work)and stays there for about 6 min. ???
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP