Here are the results of all of the scans. Thank you again.
OTL.txtOTL logfile created on: 6/15/2010 6:53:56 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CASEY\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 13.60 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NO-PUEDE-SER
Current User Name: CASEY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ========== PRC - C:\Users\CASEY\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\CASEY\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
========== Modules (SafeList) ========== MOD - C:\Users\CASEY\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ========== SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
========== Driver Services (SafeList) ========== DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\wg111v3.sys (NETGEAR Inc. )
DRV - (TsLwWfF) -- C:\Windows\System32\drivers\TsLwWfF.sys (TamoSoft)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (SQTECH905C) -- C:\Windows\System32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.com/IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
http://www.msn.com/IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 94 6F DB BB EF C9 01 [binary data]
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.52
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/06/02 19:41:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/15 15:13:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 11:57:59 | 000,000,000 | ---D | M]
[2009/10/31 14:02:47 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Extensions
[2009/05/28 16:53:28 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/06/08 23:23:24 | 000,000,000 | ---D | M] -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions
[2009/10/31 14:02:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/02 23:22:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\CASEY\AppData\Roaming\mozilla\Firefox\Profiles\vt3iblsg.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/10/31 13:44:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\CASEY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\CASEY\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3324046170-1720674440-2931111238-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ========== [2010/06/15 18:46:37 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\CASEY\Desktop\OTL.exe
[2010/06/09 15:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/09 12:47:32 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Roaming\AVG9
[2010/06/09 11:41:58 | 001,924,976 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\CASEY\Desktop\install_flash_player.exe
[2010/06/02 00:21:30 | 000,029,056 | ---- | C] (Service & Quality Technology.) -- C:\Windows\System32\drivers\Capt905c.sys
[2010/06/02 00:21:30 | 000,025,088 | ---- | C] (Service & Quality Technology.) -- C:\Windows\System32\drivers\Camd905c.sys
[2010/06/02 00:21:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MyDSC2
[2010/06/02 00:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\MyDSC2
[2010/06/02 00:19:40 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Roaming\InstallShield
[2010/05/30 01:17:43 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Local\Apps
[2010/05/30 01:17:41 | 000,000,000 | ---D | C] -- C:\Users\CASEY\AppData\Local\Deployment
[2010/05/22 14:39:58 | 024,184,872 | ---- | C] (Lime Wire LLC) -- C:\Users\CASEY\Desktop\LimeWireWin.exe
[2010/05/19 20:29:58 | 006,250,584 | ---- | C] (Intel(R) Corporation) -- C:\Users\CASEY\Desktop\th.exe
[2010/05/19 17:23:33 | 000,000,000 | ---D | C] -- C:\Users\CASEY\Documents\CommView for WiFi
[2010/05/19 17:23:19 | 000,022,632 | ---- | C] (TamoSoft) -- C:\Windows\System32\drivers\TsLwWfF.sys
[2010/05/19 17:23:18 | 000,000,000 | ---D | C] -- C:\Program Files\CommViewWiFi
[2010/05/19 17:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\TamoSoft
[2010/05/19 16:59:43 | 000,047,208 | ---- | C] (TamoSoft) -- C:\Windows\System32\tsnotify.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2010/06/15 19:04:39 | 003,670,016 | -HS- | M] () -- C:\Users\CASEY\NTUSER.DAT
[2010/06/15 18:52:24 | 000,293,376 | ---- | M] () -- C:\Users\CASEY\Desktop\533tobu0.exe
[2010/06/15 18:52:02 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324046170-1720674440-2931111238-1000UA.job
[2010/06/15 18:46:38 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\CASEY\Desktop\OTL.exe
[2010/06/15 16:40:54 | 061,096,097 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/06/15 16:37:13 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 16:37:13 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 16:32:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/15 16:31:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/15 16:31:56 | 797,417,472 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/14 16:26:35 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/06/14 13:52:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3324046170-1720674440-2931111238-1000Core.job
[2010/06/14 04:04:29 | 001,764,268 | -H-- | M] () -- C:\Users\CASEY\AppData\Local\IconCache.db
[2010/06/12 15:29:14 | 001,228,992 | ---- | M] () -- C:\Users\CASEY\Desktop\D630_A17.EXE
[2010/06/09 15:57:23 | 000,002,963 | ---- | M] () -- C:\Users\CASEY\Desktop\HiJackThis.lnk
[2010/06/09 15:52:53 | 000,007,618 | ---- | M] () -- C:\Users\CASEY\AppData\Local\Resmon.ResmonCfg
[2010/06/09 15:50:57 | 001,402,880 | ---- | M] () -- C:\Users\CASEY\Desktop\HiJackThis.msi
[2010/06/09 11:41:58 | 001,924,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\CASEY\Desktop\install_flash_player.exe
[2010/06/09 01:43:48 | 000,008,024 | ---- | M] () -- C:\Users\CASEY\Desktop\cc_20100609_014335.reg
[2010/06/04 22:03:02 | 000,748,740 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/04 22:03:02 | 000,638,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/04 22:03:02 | 000,113,676 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/02 12:18:32 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/02 12:18:31 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/06/02 00:21:30 | 000,000,300 | ---- | M] () -- C:\Windows\win.ini
[2010/06/02 00:17:32 | 004,193,940 | ---- | M] () -- C:\Users\CASEY\Desktop\SQ905C_DSC_Driver_V2.004_2007MAY28.zip
[2010/05/24 20:44:57 | 000,032,307 | ---- | M] () -- C:\Users\CASEY\Desktop\Casey Santana Transcript 2010.docx
[2010/05/22 14:45:24 | 024,184,872 | ---- | M] (Lime Wire LLC) -- C:\Users\CASEY\Desktop\LimeWireWin.exe
[2010/05/19 20:31:48 | 006,250,584 | ---- | M] (Intel(R) Corporation) -- C:\Users\CASEY\Desktop\th.exe
[2010/05/19 17:23:26 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2010/05/19 17:20:44 | 010,021,934 | ---- | M] () -- C:\Users\CASEY\Desktop\ca6.zip
[2010/05/19 16:57:00 | 009,490,855 | ---- | M] () -- C:\Users\CASEY\Desktop\cv6.zip
[2010/05/19 15:00:03 | 000,185,420 | ---- | M] () -- C:\Users\CASEY\Desktop\bt4-final-vm.zip
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2010/06/15 18:52:23 | 000,293,376 | ---- | C] () -- C:\Users\CASEY\Desktop\533tobu0.exe
[2010/06/12 15:29:14 | 001,228,992 | ---- | C] () -- C:\Users\CASEY\Desktop\D630_A17.EXE
[2010/06/09 15:57:23 | 000,002,963 | ---- | C] () -- C:\Users\CASEY\Desktop\HiJackThis.lnk
[2010/06/09 15:52:53 | 000,007,618 | ---- | C] () -- C:\Users\CASEY\AppData\Local\Resmon.ResmonCfg
[2010/06/09 15:50:55 | 001,402,880 | ---- | C] () -- C:\Users\CASEY\Desktop\HiJackThis.msi
[2010/06/09 01:43:43 | 000,008,024 | ---- | C] () -- C:\Users\CASEY\Desktop\cc_20100609_014335.reg
[2010/06/02 00:15:04 | 004,193,940 | ---- | C] () -- C:\Users\CASEY\Desktop\SQ905C_DSC_Driver_V2.004_2007MAY28.zip
[2010/05/24 20:44:55 | 000,032,307 | ---- | C] () -- C:\Users\CASEY\Desktop\Casey Santana Transcript 2010.docx
[2010/05/19 17:23:26 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\CommView for WiFi.lnk
[2010/05/19 17:11:56 | 010,021,934 | ---- | C] () -- C:\Users\CASEY\Desktop\ca6.zip
[2010/05/19 16:44:48 | 009,490,855 | ---- | C] () -- C:\Users\CASEY\Desktop\cv6.zip
[2010/05/19 14:43:43 | 000,185,420 | ---- | C] () -- C:\Users\CASEY\Desktop\bt4-final-vm.zip
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/05/28 09:11:17 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2009/05/28 08:38:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/05/28 01:18:41 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2006/04/30 00:34:04 | 000,049,152 | ---- | C] () -- C:\Windows\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 000,196,608 | ---- | C] () -- C:\Windows\System32\atonres.dll
[2006/04/13 23:18:24 | 000,131,072 | ---- | C] () -- C:\Windows\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 000,098,304 | ---- | C] () -- C:\Windows\System32\atonecli.dll
========== Alternate Data Streams ========== @Alternate Data Stream - 12 bytes -> C:\Windows\System32:{DA6227CB-326B-4B4D-9A81-04B61F1538DD}
@Alternate Data Stream - 12 bytes -> C:\Windows\System32:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}
< End of report >
Extras.txtOTL Extras logfile created on: 6/15/2010 6:53:56 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\CASEY\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1,014.00 Mb Total Physical Memory | 222.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.48 Gb Total Space | 13.60 Gb Free Space | 18.26% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NO-PUEDE-SER
Current User Name: CASEY
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0E2B767B-EA6A-489B-BF83-8083FE1DB661}" = Pcsx2 0.9.6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F7E7CEE-54EE-4882-AA16-64F3D84EE27D}" = Tic-Tac-Toe Gadget for Windows SideShow
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel(R) PROSet/Wireless WiFi Software
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6F6594CB-DA1B-4FFB-B397-CACE3D5F668B}" = Windows Live Movie Maker Beta
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FC98FBE9-E931-494C-8717-497185371033}" = Nero 7 Premium
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CommView for WiFi" = CommView for WiFi
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter
"FLV to WMV Convert_is1" = FLV to WMV Convert 2.7
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"MainApp.exe_is1" = CloneDVD 4.1.0.23
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PokerStars.net" = PokerStars.net
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3324046170-1720674440-2931111238-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
Gmer.txtGMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-06-15 19:51:28
Windows 6.1.7600
Running: 533tobu0.exe; Driver: C:\Users\CASEY\AppData\Local\Temp\pwlcifoc.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832323F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321A634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8321A898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832321DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832326F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83232F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 832331A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82E4B5C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E70052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 96816C9D 28 Bytes [55, 1A, 62, DA, F4, FD, 5F, ...]
.text peauth.sys 96816CC1 28 Bytes [55, 1A, 62, DA, F4, FD, 5F, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 17, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3044] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[3696] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + 6 77654A16 4 Bytes [28, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtCreateFile + B 77654A1B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77655076 1 Byte [28]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + 6 77655076 4 Bytes [28, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtMapViewOfSection + B 7765507B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + 6 77655126 4 Bytes [68, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenFile + B 7765512B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + 6 776551D6 4 Bytes [A8, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcess + B 776551DB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessToken + B 776551EB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + 6 776551F6 4 Bytes [A8, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenProcessTokenEx + B 776551FB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + 6 77655256 4 Bytes [68, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThread + B 7765525B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + 6 77655266 4 Bytes [68, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadToken + B 7765526B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtOpenThreadTokenEx + B 7765527B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + 6 77655386 4 Bytes [A8, 00, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryAttributesFile + B 7765538B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtQueryFullAttributesFile + B 7765543B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + 6 77655A86 4 Bytes [28, 01, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationFile + B 77655A8B 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + 6 77655AE6 4 Bytes [28, 02, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtSetInformationThread + B 77655AEB 1 Byte [E2]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 1 Byte [68]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + 6 77655E06 4 Bytes [68, 03, 07, 00]
.text C:\Users\CASEY\AppData\Local\Google\Chrome\Application\chrome.exe[5588] ntdll.dll!NtUnmapViewOfSection + B 77655E0B 1 Byte [E2]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Bind ?????????????????????????????????????????5????????????0????????????e???????????????????????????????????????????g?9???????????????????????????m?????????????????????????????????e?????????????? ??v???1??pc??????26???????6??????????????????????????????t????e???????????????????????????????????? ??s??????p???????????????p???????????????????????????????*6to4mp?????????????????????????????????Microsoft?????6?????????????16????????????????????:??????5????h?????????????????????????????????????????????????6-21-2006???????????????????????????????????? ???????,???????????????????0?g02???????????D?????eIR????d????????????n??????8???????????h?????*6to4mp???????????????????????????????????????????????????????????:???????????h?????????????? ???????g????????????X??????????t??????p???????????iPod?????????????????????????????????????????????}???}??????? ??????????????t???? ?????????????????????????????????????g????????????????????Microsoft????????????????????????????????????z???????????e????????????????????????????????v????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Route ?????????????????z?{?????????????????????B????????????8???????????h???????2???????????h?????????????????????????????????disk.inf????system32\drivers\nsiproxy.sys???System32\drivers\partmgr.sys??????????????????????????????????????????????????????????????????????????^????????????n????????????????????????*6to4mp??t????????????:???????????h?????????????????t????????????_??BB???????X???????????????t??????s???????????????????????????????*6to4mp???????????????:???????????h?????????????????t????????????4??t-??system32\DRIVERS\AgileVpn.sys????????r???????????????????B??????????????????????????????????????t????????????_?gtB??WAN Miniport (IKEv2)??????????????????????????????????????????????????????????????????????????????????????????????<???????????h?????????????????????????????????????????????????????????????????????????s?????6??????-????h8EC??system32\DRIVERS\rasl2tp.sys????????????????????????????????????????????????????t?????6???????????h???????????????????????????????????:???????????h?????tunnel??????Microsoft??
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Linkage@Export ?????????????????e??? ????????????????????????????????????????????????????????<??????f??????????????????????????????????t????????????d??ma????????????????????????????????????????R????????????????????????????????????????? ??????????????????e????????t???????????????? ????????????????????????.???????????????????s?????? ?????????????????????-????????????????????????????? ?????????????????????-????????N????????r??? ????????????????????N?????????????{8366751f-c91a-11de-adbf-001c23040a00}??????????????????? ???????????????????????????????????????f??????????????? ?????????????????????1??L????????? ???????? ????????????????f_x8??? ?????????????????????1????????????&???????????????????????? ?????????????????????1????????????????????? ?????????????????????1????????J????????????????????o??me??Basic_Install???wpdbusenum\fs?????*?????????????text????? ?????????????????????1????????????&???????????????????????????os??t???? ?????????????????????1????????????????????? ?????????????????????1????????~?????????????8???????????h
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Bind ????????????????????????????????????????????????WpdFs????????????????e???????e??? ??????????????x????????????????????????????????????t???? ??s??????p????????????????????????????r???d??,-??????????volsnap.inf?????? ??????????????????SeChangeNotifyPrivilege?SeImpersonatePrivilege?SeTcbPrivilege???????? ???????????????????s?????????????????????a????????? ????????????????????????????$??????????????????????l?????????-23??????????? ???????F??????dA??WpdFsGroup???????????E??? ??????????????????????????????????????????????????????? ?????????????????????1??L????????? ?????????????????????????al_0??? ?????????????????????1????????????&???????????????????????? ?????????????????????1????????????????????? ???????????????????~?1????????????????????????????????????????9-15-2009???????????????????? ?????????????????????1????????????&???????????????????????2.0.30??????? ?????????????????????1????????????????????? ???????????????????{?1??????????????????????T??????????????d??????????????????????????????? ?????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Route ??????????????????*????????????n??????????????????????<???????????h?????????????????? ???????????C??23?????a??????????^????????????n??????b????????????n??????:???????????h??????????????B??????????????????????????system32\DRIVERS\rassstp.sys????????????????????????????????????????????????????????????x????????????????????(*?????????????????????????system32\drivers\peauth.sys?????????????????t???????????????????????*ISATAP??0??Video Save??????tunnel??????@%systemroot%\system32\wkssvc.dll,-1001???????????????????????????????????????b????????????e??????N???????????D???????????????????????m?????????????????int?el???????????{????????????????????????????????????????????????????\??????C?????e0???????????????????????????????????6-21-2006???????????????t???????????????????????Compbatt?t????R???????????h?????p???????????????????????????????????11???????????????????????????????????????????|???r??al??????????????????????????????? ??Wa??????????Microsoft??????????????????????????????????????????????????????????????????????
Reg HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Linkage@Export ????????????or??????????*6to4mp?73??????????????oem5.inf????SeCreateGlobalPrivilege?SeChangeNotifyPrivilege?SeIncreaseBasePriorityPrivilege?SeIncreaseQuotaPrivilege????%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe??????<????????????n????Microsoft .NET Framework NGEN???????????????????? ??????????????????????????????????????????????????p??????????????g?????????????????????????3????????????????????????????????8???????????h?????@%SystemRoot%\system32\drivers\fileinfo.sys,-100????Keyboard Port????????????l??23??ANY?????tunnel?l????Microsoft???????????????t???@%SystemRoot%\system32\drivers\fileinfo.sys,-101????system32\drivers\fltmgr.sys?????????t???Controls the underlying video driver stacks to provide fully-featured display capabilities.?????@%SystemRoot%\system32\drivers\http.sys,-1?????????????????g??????????????????????????????X??????8???????????????????????????????????????????????????????????????????????????????????{????b????????????n????GEAR ASPI Filter Driver???????<???????????h????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Bind ???s?????????r???;???<???s?s?6??????????? ?????s?5??????$???4????? ??????? ????????????????????????? ??????\???????????????]???]???????]??? ???]???????????????]???]???]???????]???????]??????????????????b????]???]???]???????]???]???????????????????????????\???]???]??? ???]???????]???????]??????????? ??? ???????]??? ??? ???]??? ????????????$???4????? ??????? ????t???????????????????????????????????????? ??????????? ???????machine.inf??<??tunnel??????????$???4????? ??????? ????????????????????????? ???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????(????????????????????????????????????????????????????????????????????????????????????????????????&??????????$???4????? ??????? ??????????????????????????????????????????????????????? ??????????? ???????D?P??????0?????????????????????????????????????????????????r???????????????r????????????:??u???e?gus???????{??????ma???{?{8b???????????<???e??????????*6to4mp??????t?t?u??????$???4????? ????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Route ???t?????????w???p??MD???????\???7???e????<??z???P?g?????????r????????????N????????????e_0???????w???0??e2???????????t??{00000000-0000-0000-ffff-ffffffffffff}???????????????????????w?x????? ???r???R???????????????????????????????w???????????????????????????x?x???????w?????????w???????????x?x????? ???r???.????????????????????<??{???r?ge\??@system32\DRIVERS\pci.sys,#65536;PCI bus %1, device %2, function %3;(0,28,1)????@system32\DRIVERS\pci.sys,#1540;PCI to PCI Bridge????????????????????x?x????? ???????w?????w?????]????.???&???????????????s??????w?x??????X??????p???t??????????? ???????w?????????????-???????????????????????w????? ???????w???????????w?3??????6??????????????????????????????????????????w?w?w?w????? ???????w???????????w?3??????"???????????????????????????????????????:??x??????????????? ???????w???????????w?3??????$??????????????????????????4?????????evi???w?x?????w??????????????? ??????????????d???????????????????????????????????????????????? ???????w???????????w?3????????????????i??????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanServer\Linkage@Export ??????????????????????????X??????8???????????????????????????????????????????????????????????????????????????????????{????b????????????n????GEAR ASPI Filter Driver???????<???????????h?????????????Microsoft?????????????????????????????????V????????????e????System Bus Extender?????RpcSs?????????????????????????8???????????h?????System32\drivers\hwpolicy.sys???system32\DRIVERS\i8042prt.sys?8042prt.sys???????or??????????s???.NTx86??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????2346?;????4?????????????????????????????????????????????????????????t???Loopback????????????????????????????LocalSystem?????????????????????????????????????????????????????????????????????????????*6to4mp?mR?????????????g????????????????????????wscsvc??????????-9???????????????????x??????????system32\DRIVERS\intelide.sys???@%systemroot%\system32\wkssvc.dll,-1004????????????????????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Bind ???|?????}?}???????????????????s?&???|?|???????|????? ???????|?????|???????1????????????????????? ???????|???????????x?1????????(?????????????N??????????????????????v???????????????|??6.1.7600.16385?????????|????? ???????|?????|???????1????????????????????? ???????|???????????y?1?????????????????????????|???????????????????????????????|???????????|?????|????? ???????|?????|???????1???????????????????????|???|???|???|???|???|???|???|??6d??(?????????? ???????|???????????y?1?????????????????????|?|???????|????? ???????{?????|??????????????????Q??????????T??? ???????|?????|?? ???????"?????h???????????\??\USB#ROOT_HUB#4&75387b2&0#{f18a0e88-c30c-11d0-8815-00a0c906bed8}002???????????*???*?????|?&??usbport.inf:Generic.Section.NTx86:ROOTHUB.Dev:6.1.7600.16385:usb\root_hub???USB\ROOT_HUB20&VID8086&PID2836&REV0002?USB\ROOT_HUB20&VID8086&PID2836?USB\ROOT_HUB20??????B????????g{4????*??|???m?????????n t???????{??????????????????Microsoft????|???????????????????????????????????|??????????{36fc9e60-c465-11cf-8056-4445535400
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Route ?????????????????????????????????????????????????????{????b????????????n????GEAR ASPI Filter Driver???????<???????????h?????????????Microsoft?????????????????????????????????V????????????e????System Bus Extender?????RpcSs?????????????????????????8???????????h?????System32\drivers\hwpolicy.sys???system32\DRIVERS\i8042prt.sys?8042prt.sys???????or??????????s???.NTx86??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????2346?;????4?????????????????????????????????????????????????????????t???Loopback????????????????????????????LocalSystem?????????????????????????????????????????????????????????????????????????????*6to4mp?mR?????????????g????????????????????????wscsvc??????????-9???????????????????x??????????system32\DRIVERS\intelide.sys???@%systemroot%\system32\wkssvc.dll,-1004???????????????????????????????????????????????????????????????????????????????6????????
Reg HKLM\SYSTEM\ControlSet002\services\LanmanWorkstation\Linkage@Export ??????????????????6????????????e????????????????????6-21-2006???@%SystemRoot%\system32\drivers\fltmgr.sys,-10000????extended base?????b????????????e??????(?????????p??????????????g??????`????????????e????????????????????11??????Microsoft???Intel Processor Driver??????????????????Tcpip??9?9????????????T????????????e??????????????????????????<???????????h?????????????@???os??text????*6to4mp???????????????<???????????h?????????????????t???????????????????system32\drivers\HTTP.sys???mshdc.inf_x86_neutral_f64b9c35a3a5be81??????????????Microsoft UAA Bus Driver for High Definition Audio????????.????????????e????????????????p?????????????????????????????????????4???????????h?????Keyboard Class????????<???????????h???????????????????????????????:???????????h?????????????????????????????????????????????????????????????Microsoft??????????????????????????????????????????g??????????X?????????????@%SystemRoot%\system32\drivers\fvevol.sys,-100????????N??????????????d?????????????????????g?????????????o??????????6-21-2006??
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR
---- EOF - GMER 1.0.15 ----