Michele
--------------------------
OTL logfile created on: 6/22/2010 6:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
990.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.51 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/06/22 18:02:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe
PRC - [2010/06/02 09:17:37 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:17:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:17:34 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:16:55 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:16:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/05 08:54:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/12 18:13:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/10/23 20:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdxcoms.exe
PRC - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxserv.exe
PRC - [2007/08/31 14:58:50 | 000,357,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
========== Modules (SafeList) ==========
MOD - [2010/06/22 18:02:59 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\End User\My Documents\Downloads\OTL.exe
MOD - [2009/04/28 11:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (AntiVirUpgradeService)
SRV - [2010/03/12 18:13:07 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/04/28 11:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)
SRV - [2008/02/27 20:53:25 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdxcoms.exe -- (lxdx_device)
SRV - [2008/02/27 20:53:22 | 000,098,984 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe -- (lxdxCATSCustConnectService)
========== Driver Services (SafeList) ==========
DRV - [2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 18:12:24 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/19 21:43:45 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 21:43:45 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 21:43:45 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/07 23:56:49 | 000,018,816 | ---- | M] (RIF) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dvd43llh.sys -- (dvd43llh)
DRV - [2010/01/24 20:54:46 | 000,000,000 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys [WARNING: C:\WINDOWS\system32\drivers\??????????.sys] -- (浍湉ࢰ蘽륀聕뀈蘿蘼)
DRV - [2009/04/06 12:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 18:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 17:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006/08/28 19:09:00 | 003,506,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/08/01 18:07:54 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/08/01 18:07:52 | 000,035,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/04/25 17:26:08 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 15:15:42 | 004,034,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/01/07 18:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2001/08/17 09:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = www.bing.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.bing.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {E84D42CA-64EB-11DE-A65F-8C3656D89593}:3.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 18:30:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/18 11:24:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/18 11:24:14 | 000,000,000 | ---D | M]
[2010/01/24 11:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Extensions
[2010/01/21 23:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions
[2010/01/24 11:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\7y8wpos9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/22 14:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions
[2010/04/27 16:51:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/12 13:11:46 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/04 14:24:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/02 18:28:58 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Documents and Settings\End User\Application Data\Mozilla\Firefox\Profiles\hvqr0waw.default\searchplugins\BearShareWebSearch.xml
[2010/06/22 14:08:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/01/18 12:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/12/03 11:54:24 | 000,002,476 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\BearShareWebSearch.xml
O1 HOSTS File: ([2010/01/29 18:36:43 | 000,619,896 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16418 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\DataMngr\IEBHO.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\BearshareMediabarDx.dll ()
O3 - HKLM\..\Toolbar: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Parental Control Toolbar) - {4E7BD74F-2B8D-469E-9FA5-A33DE8DBE931} - C:\Program Files\parentalcontrol\parentalcontrol.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMultiIE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWB = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWC = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWD = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWE = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWF = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWG = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWH = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWI = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWJ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWK = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWL = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWM = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWN = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWO = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWP = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWQ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWR = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWS = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWT = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWU = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWV = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWW = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWX = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWY = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LWZ = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...x/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...?1194199305268 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...?1202609130078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...ndows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...lus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FBEBF3DD-EF0E-44D3-9194-E8B3FDA9EBF8} http://67.221.122.13...33/WebCamX.cab (WebCamX Control)
O16 - DPF: vzTCPConfig http://www2.verizon....zTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\DataMngr\datamngr.dll) - C:\Program Files\BearShare Applications\MediaBar\DataMngr\datamngr.dll ()
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\End User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 22:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/11/03 22:45:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)
========== Files/Folders - Created Within 90 Days ==========
[2010/06/07 08:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2010/05/18 11:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/18 11:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 19:05:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/04/24 19:05:15 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2010/04/24 19:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/04/24 19:04:56 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/01/22 18:52:02 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
[2010/01/22 18:52:01 | 001,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
[2010/01/22 18:52:01 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
[2010/01/22 18:52:01 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
[2010/01/22 18:52:01 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
[2010/01/22 18:52:00 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
[2010/01/22 18:52:00 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
[2010/01/22 18:51:59 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
[2010/01/22 18:51:58 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
[2010/01/22 18:51:56 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
[2010/01/22 18:51:56 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/06/22 18:06:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
[2010/06/22 17:54:33 | 061,327,002 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/22 16:52:01 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\prvlcl.dat
[2010/06/22 16:48:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/22 16:47:53 | 000,034,972 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/22 16:47:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/22 16:47:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/22 16:38:26 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT
[2010/06/22 16:38:26 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\End User\ntuser.ini
[2010/06/22 16:34:30 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\NTREGOPT.lnk
[2010/06/22 16:34:30 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\End User\Desktop\ERUNT.lnk
[2010/06/22 16:21:03 | 000,501,780 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/22 16:21:03 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/22 16:21:03 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 14:13:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/06/21 20:33:21 | 005,370,276 | -H-- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\IconCache.db
[2010/06/14 20:36:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/09 17:40:07 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 17:14:51 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/06 15:46:15 | 000,039,424 | ---- | M] () -- C:\Documents and Settings\End User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 18:37:50 | 000,026,064 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/06/02 09:17:36 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:17:35 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/31 22:24:51 | 000,032,686 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/31 22:12:42 | 000,149,152 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/27 15:52:18 | 000,045,042 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:28:29 | 000,034,558 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:19:49 | 001,084,484 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:12 | 000,029,723 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/12 21:20:09 | 000,028,079 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:23 | 000,021,568 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/07 18:22:24 | 002,362,112 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:26:45 | 004,718,592 | -H-- | M] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_old
[2010/04/19 22:19:35 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 20:34:18 | 000,018,141 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:04:43 | 000,017,448 | ---- | M] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/06/02 18:37:49 | 000,026,064 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Box cake recipe.odt
[2010/05/31 22:24:50 | 000,032,686 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Envelope Address format.odt
[2010/05/27 15:52:16 | 000,045,042 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\grad.odt
[2010/05/27 15:50:27 | 000,031,707 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\graduation_2.gif
[2010/05/27 14:14:04 | 000,034,558 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Address.odt
[2010/05/19 12:16:19 | 001,084,484 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite 2.odt
[2010/05/18 11:24:51 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/05/15 20:16:25 | 000,000,619 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lion simba circle.map
[2010/05/15 20:10:41 | 000,034,753 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Lion-King-simba grass.jpg
[2010/05/15 20:08:51 | 000,062,684 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\LionKingCliff.gif
[2010/05/15 20:08:11 | 000,029,723 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\the_lion_king_pride rock.jpg
[2010/05/14 19:02:07 | 000,017,718 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Core snacks.odt
[2010/05/13 15:44:39 | 000,149,152 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\BJs 4th Bday invite.odt
[2010/05/12 21:20:08 | 000,028,079 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking-simbacub.jpg
[2010/05/12 21:19:00 | 000,020,700 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\lionking20.gif
[2010/05/12 21:14:22 | 000,021,568 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\simbacub.gif
[2010/05/12 17:01:02 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/07 18:22:24 | 002,362,112 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowerShot S3 advanced manual.pdf
[2010/05/07 18:21:00 | 001,255,270 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Canon PowereShot S3 basic manual.pdf
[2010/04/24 19:29:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\End User\NTUSER.DAT_tureg_new.LOG
[2010/04/08 20:34:17 | 000,018,141 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2)(2).ods
[2010/04/06 21:00:23 | 000,017,448 | ---- | C] () -- C:\Documents and Settings\End User\My Documents\Please fill out on 2nd line & return to [email protected](2).ods
[2010/01/22 18:54:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
[2010/01/22 18:54:44 | 000,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
[2010/01/22 18:53:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
[2010/01/22 18:53:37 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
[2010/01/22 18:53:37 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
[2010/01/22 18:52:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdxrwrd.ini
[2010/01/22 18:52:02 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
[2010/01/22 18:51:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
[2009/01/15 18:01:54 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/09 14:35:38 | 000,801,792 | ---- | C] () -- C:\WINDOWS\System32\NVD110.dll
[2008/10/09 14:35:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\NVD410.dll
[2008/10/09 14:35:38 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\NVD210.dll
[2008/10/09 14:35:38 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\NVD510.dll
[2008/09/09 13:20:38 | 000,417,792 | ---- | C] () -- C:\WINDOWS\System32\RTClientSDK71.dll
[2008/09/09 13:20:38 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\decode.dll
[2008/09/09 13:20:38 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\NetworkAPI.dll
[2008/09/09 13:20:38 | 000,001,147 | ---- | C] () -- C:\WINDOWS\System32\IPCamera.ini
[2008/02/09 02:25:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/02/09 02:02:27 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/09 02:02:27 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/11/24 16:48:25 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/10 11:28:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2007/11/10 11:28:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2007/09/17 02:07:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/09/17 02:07:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/09/17 02:07:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/09/17 02:07:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/09/17 02:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/17 02:07:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/28 19:09:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
========== LOP Check ==========
[2010/02/08 21:53:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2010/01/29 19:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2009/01/03 11:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2010/01/29 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/12/07 09:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2010/01/11 20:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/07 09:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2008/01/15 07:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2010/02/09 21:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/06/06 19:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/04/24 19:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/02/08 01:25:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/24 19:04:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010/02/02 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\BearShare
[2010/06/02 14:46:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\bearsharemediabartb
[2008/02/15 11:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\FrostWire
[2007/11/04 14:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Infineon
[2009/12/16 22:30:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\IObit
[2010/01/22 19:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Lexmark Productivity Studio
[2009/12/12 07:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\LimeWire
[2008/05/07 13:49:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParentalControl
[2009/12/07 09:30:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\ParetoLogic
[2009/12/31 00:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Simply Super Software
[2008/06/03 23:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Snapfish
[2010/04/24 19:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\TuneUp Software
[2010/02/08 00:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\End User\Application Data\Vso
[2010/06/22 14:13:08 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{63677EAF-870D-4C0B-B179-923662675D6D}.job
[2010/06/22 18:06:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A03861EE-BCF6-44A1-95B0-4E302B7FDA1D}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/01/09 03:11:20 | 000,011,238 | ---- | M] () -- C:\aaw7boot.log
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2007/11/03 22:41:40 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/26 17:55:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/04 00:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/11/03 22:46:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/22 19:17:44 | 000,001,630 | ---- | M] () -- C:\lxcy.log
[2010/01/22 19:17:42 | 000,000,505 | ---- | M] () -- C:\lxcyscan.log
[2008/03/20 19:48:55 | 000,012,063 | ---- | M] () -- C:\Mike work chart.odt
[2007/11/03 22:46:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 22:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/16 09:11:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/06/22 16:46:44 | 1560,281,088 | -HS- | M] () -- C:\pagefile.sys
[2007/11/13 09:07:33 | 000,000,146 | ---- | M] () -- C:\YServer.txt
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/02/27 20:15:28 | 000,115,200 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdxdrpp.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/11/03 17:35:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/11/03 17:35:10 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/11/03 17:35:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
========== Files - Unicode (All) ==========
[2010/01/24 20:54:46 | 000,000,000 | ---- | M] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys
[2010/01/24 20:54:46 | 000,000,000 | ---- | C] ()(C:\WINDOWS\System32\drivers\??????????.sys) -- C:\WINDOWS\System32\drivers\浍湉ࢰ蘽륀聕뀈蘿蘼.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
-----------------------------------------
OTL Extras logfile created on: 6/22/2010 6:04:28 PM - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Documents and Settings\End User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
990.00 Mb Total Physical Memory | 404.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 68.51 Gb Free Space | 61.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: END-5EB8223EDBA
Current User Name: End User
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Documents and Settings\End User\My Documents\Mike's MP3's\LimeWire\LimeWire.exe" = C:\Documents and Settings\End User\My Documents\Mike's MP3's\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:LimeWire -- (FrostWire Group)
"C:\Program Files\remoteAP\phone.exe" = C:\Program Files\remoteAP\phone.exe:*:Enabled:phone -- ()
"C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
"C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxlscn.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3B4E8E4-E2A4-11D6-8D31-00105A629F49}" = eMedia Guitar Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB360AE2-CF24-420B-8E31-7597E9499DD2}" = Zoom Cable Modem
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.8.5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall_is1" = Outpost Firewall 2009
"AVG9Uninstall" = AVG Free 9.0
"BearShare" = BearShare
"BearShare MediaBar" = MediaBar
"DVD43_is1" = DVD43 v4.6.0
"ERUNT_is1" = ERUNT 1.1j
"evfpzvmakmzlg" = RON Tool Netupbanner
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"parentalcontrol" = Parental Control Toolbar
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Verizon Online DSL_is1" = Verizon Online DSL
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12/21/2009 1:05:02 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3622, faulting module
unknown, version 0.0.0.0, fault address 0x76f2345a.
Error - 12/21/2009 1:19:14 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x71ab2a6f.
Error - 12/21/2009 1:20:52 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x76f2345a.
Error - 12/21/2009 1:21:11 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x3d943480.
Error - 12/29/2009 8:39:21 PM | Computer Name = END-5EB8223EDBA | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 12/30/2009 10:04:42 PM | Computer Name = END-5EB8223EDBA | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BF from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro
Error - 12/30/2009 10:04:42 PM | Computer Name = END-5EB8223EDBA | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.
Error - 12/30/2009 11:22:12 PM | Computer Name = END-5EB8223EDBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.
Error - 1/19/2010 3:35:06 PM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01b6c11c.
Error - 1/20/2010 7:10:54 AM | Computer Name = END-5EB8223EDBA | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0011977c.
[ System Events ]
Error - 6/21/2010 5:25:50 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 6/21/2010 5:25:53 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdx_device service terminated unexpectedly. It has done this
1 time(s).
Error - 6/21/2010 5:25:53 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/22/2010 1:52:41 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3
Error - 6/22/2010 4:37:39 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7031
Description = The AVG Free WatchDog service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.
Error - 6/22/2010 4:37:39 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).
Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdxCATSCustConnectService service terminated unexpectedly. It
has done this 1 time(s).
Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The lxdx_device service terminated unexpectedly. It has done this
1 time(s).
Error - 6/22/2010 4:37:43 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 6/22/2010 4:48:04 PM | Computer Name = END-5EB8223EDBA | Source = Service Control Manager | ID = 7000
Description = The Avira Upgrade Service service failed to start due to the following
error: %%3
< End of report >
--------------------------------------
Malwarebytes' Anti-Malware 1.44
Database version: 3817
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/22/2010 4:16:55 PM
mbam-log-2010-06-22 (16-16-55).txt
Scan type: Full Scan (A:\|C:\|D:\|)
Objects scanned: 180494
Time elapsed: 33 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-----------------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-22 18:02:13
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ENDUSE~1\LOCALS~1\Temp\kfadiaow.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwAssignProcessToJobObject [0xF33CCA60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwClose [0xF33B1BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwConnectPort [0xF33CE920]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateFile [0xF33ADF60]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateKey [0xF33B9090]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcess [0xF33C52B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateProcessEx [0xF33C5BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSection [0xF33ACD10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateSymbolicLinkObject [0xF33B8E40]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwCreateThread [0xF33C3D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDebugActiveProcess [0xF33D1F30]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteFile [0xF33B7B20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteKey [0xF33BA900]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwDeleteValueKey [0xF33C13A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwLoadDriver [0xF33C2BB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwMakeTemporaryObject [0xF33B86B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile [0xF33B0C10]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenKey [0xF33B9FC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenProcess [0xF33C7CA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenSection [0xF33AD580]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenThread [0xF33C7060]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwProtectVirtualMemory [0xF33CDDA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryDirectoryFile [0xF33B28A0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryKey [0xF33BC750]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueryValueKey [0xF33BCFA0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwQueueApcThread [0xF33CBED0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRenameKey [0xF33C0590]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwReplaceKey [0xF33BE500]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestPort [0xF33D0A50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRequestWaitReplyPort [0xF33D0D70]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwRestoreKey [0xF33BFD20]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey [0xF33BEC80]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKeyEx [0xF33BF4D0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSecureConnectPort [0xF33CF480]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetContextThread [0xF33CB440]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationDebugObject [0xF33D2520]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetInformationFile [0xF33B3BF0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetSystemInformation [0xF33C21C0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSetValueKey [0xF33BD820]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendProcess [0xF33CA190]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSuspendThread [0xF33CAAC0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSystemDebugControl [0xF33D1770]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateProcess [0xF33C8790]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwTerminateThread [0xF33C9620]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwUnloadDriver [0xF33C3530]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwWriteVirtualMemory [0xF33CD2B0]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 80501C20 4 Bytes JMP 8E890F61
.text ntkrnlpa.exe!ZwCallbackReturn + 2760 80501F98 12 Bytes [90, A1, 3C, F3, C0, AA, 3C, ...]
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF5E72360, 0x200B6D, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00C8A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00C8A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00C8A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\AVG\AVG9\avgtray.exe[248] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00C8A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0059EB4C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] kernel32.dll!LoadResource 7C80A055 5 Bytes JMP 0059E828 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0059EA88 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 0059EB20 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!EnableWindow 7E429849 5 Bytes JMP 011A944C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 0059EAF4 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B6A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B6A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B6A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\dvd43\dvd43_tray.exe[280] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B6A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[340] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[384] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00AEA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00AEA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00AEA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe[516] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00AEA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007DA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007DA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007DA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe[552] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007DA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgchsvx.exe[576] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B2A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B2A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B2A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lxdxcoms.exe[632] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B2A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0091A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0091A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0091A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[1244] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0091A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B4A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B4A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B4A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Documents and Settings\End User\My Documents\Downloads\gmer\gmer.exe[1280] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B4A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[1348] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00522570 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 007BA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 007BA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 007BA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\nvsvc32.exe[1356] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 007BA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0080A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0080A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0080A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgwdsvc.exe[1420] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0080A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0087A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0087A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0087A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[1484] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0087A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1568] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0058A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0058A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0058A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1696] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0058A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0069A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0069A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0069A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1804] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0069A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00B9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00B9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00B9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2000] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00B9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00DAA1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00DAA174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00DAA1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\AVG\AVG9\avgnsx.exe[2468] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00DAA224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 0094A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 0094A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 0094A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\explorer.exe[3052] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 0094A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5 Bytes JMP 00F9A1F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!SetForegroundWindow 7E4242ED 5 Bytes JMP 00F9A174 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!SetWindowPos 7E4299F3 5 Bytes JMP 00F9A1A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3832] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5 Bytes JMP 00F9A224 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
---- Devices - GMER 1.0.15 ----
Device \Driver\Tcpip \Device\Ip afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-16 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort0 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort1 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort2 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort3 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort4 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\atapi \Device\Ide\IdePort5 dvd43llh.sys (dvd43llh.sys/RIF)
Device \Driver\Tcpip \Device\Udp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Edited by admin, 08 August 2010 - 06:20 PM.